CVE-2019-1003042

EUVD-2022-5621
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
jenkinslockable_resources
𝑥
≤ 2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2019/03/28/2
http://www.securityfocus.com/bid/107628
https://access.redhat.com/errata/RHSA-2019:1423
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361
http://www.openwall.com/lists/oss-security/2019/03/28/2
http://www.securityfocus.com/bid/107628
https://access.redhat.com/errata/RHSA-2019:1423
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361