CVE-2019-1003042: XSS
First published: Thu Mar 28 2019(Updated: )
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jenkins-plugin-lockable-resources | <2.5 | 2.5 |
| Jenkins Lockable Resources | <=2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361
- https://github.com/openshift/jenkins/blob/master/README.md#jenkins-security-advisories-the-master-image-from-this-repository-and-the-oc-binary
- https://access.redhat.com/errata/RHSA-2019:1423
- https://bugzilla.redhat.com/show_bug.cgi?id=1694538
- http://www.openwall.com/lists/oss-security/2019/03/28/2
- http://www.securityfocus.com/bid/107628
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-1003042
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins lockable resources
- version/jenkins lockable resources/2.4
- package-manager/redhat