exploitDog

CVE-2019-1003014

Published: 28 Jan 2019
Source: redhat
CVSS3: 4.8
EPSS: Low

Description

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-config-file-provider | Will not fix | | |
| Red Hat OpenShift Container Platform 3.6 | jenkins-plugin-config-file-provider | Will not fix | | |
| Red Hat OpenShift Container Platform 3.7 | jenkins-plugin-config-file-provider | Will not fix | | |
| Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-config-file-provider | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | | |
| Red Hat OpenShift Container Platform 3.11 | atomic-enterprise-service-catalog | Fixed | RHBA-2019:0326 | 20.02.2019 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHBA-2019:0326 | 20.02.2019 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-cluster-autoscaler | Fixed | RHBA-2019:0326 | 20.02.2019 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-descheduler | Fixed | RHBA-2019:0326 | 20.02.2019 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-dockerregistry | Fixed | RHBA-2019:0326 | 20.02.2019 |

Additional information

Status: Moderate
Weakness: CWE-79
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1671324
jenkins-plugin-config-file-provider: Stored XSS vulnerability in Config File Provider Plugin (SECURITY-1253)

EPSS: 0.00064 (percentile: 20%, Low)

CVSS3: 4.8 Medium

Related vulnerabilities

CVSS3: 4.8
nvd
about 7 years ago

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file.

CVSS3: 4.8
github
more than 3 years ago

Jenkins Config File Provider Plugin XSS vulnerability
