CVE-2019-1003042

Published: Mar 28, 2019Modified: Jun 17, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.

Affected (1)

Products: Jenkins: Lockable Resources

Jenkins

1 product

Lockable Resources

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Lockable Resources	Up to 2.4

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://www.openwall.com/lists/oss-security/2019/03/28/2

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107628

Source: jenkinsci-cert@googlegroups.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:1423

Source: jenkinsci-cert@googlegroups.com

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2019/03/28/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107628

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:1423

Source: af854a3a-2127-422b-91ae-364da2661108

https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.