CVE-2019-1003042 – org.6wind.jenkins:lockable-resources

Package

Manager: maven
Name: org.6wind.jenkins:lockable-resources
Vulnerable Version: >=0 <2.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00107 pctl0.29539

Details

Jenkins Lockable Resources Plugin XSS vulnerability A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.

Metadata

Created: 2022-05-13T01:25:43Z
Modified: 2024-01-09T22:34:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wqjj-c9cx-q7cf/GHSA-wqjj-c9cx-q7cf.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-wqjj-c9cx-q7cf
Finding: F008
Auto approve: 1