CVE-2019-10335

Опубликовано: 11 июн. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages.

Ссылки

http://www.openwall.com/lists/oss-security/2019/06/11/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108747
https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1412
Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/06/11/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108747
https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1412
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:electricflow:*:*:*:*:*:jenkins:*:*

Версия до 1.1.6 (включая)

EPSS

Процентиль: 18%

0.00058

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fx9p-2qvx-pgjv