Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13cWpqLWM5Y3gtcTdjZs4AAQav

Jenkins Lockable Resources Plugin XSS vulnerability

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.

Permalink: https://github.com/advisories/GHSA-wqjj-c9cx-q7cf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cWpqLWM5Y3gtcTdjZs4AAQav
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 4 months ago

CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-wqjj-c9cx-q7cf, CVE-2019-1003042
References:

Repository: https://github.com/jenkinsci/lockable-resources-plugin
Blast Radius: 1.0

Affected Packages

maven:org.6wind.jenkins:lockable-resources

Affected Version Ranges: <= 2.4
Fixed in: 2.5