Description
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
Remediation
References
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490
http://www.openwall.com/lists/oss-security/2019/10/23/2
http://packetstormsecurity.com/files/155200/Jenkins-Build-Metrics-1.3-Cross-Site-Scripting.html
Related Vulnerabilities
CVE-2021-26117 Vulnerability in maven package org.apache.activemq:artemis-server
CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-web-security
CVE-2019-10367 Vulnerability in maven package io.jenkins:configuration-as-code
CVE-2020-10758 Vulnerability in maven package org.keycloak:keycloak-wildfly-server-subsystem
CVE-2022-45389 Vulnerability in maven package com.cloudbees.jenkins.plugins:xpdev