Moderate severityNVD Advisory· Published Jul 11, 2019· Updated Aug 4, 2024

CVE-2019-10346

Description

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
io.jenkins.plugins:embeddable-build-status-pluginMaven	< 2.0.2	2.0.2

Affected products

Jenkins Project/Jenkins Embeddable Build Status Pluginv5
Range: 2.0.1 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-94rj-c4jj-v476ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-10346ghsaADVISORY
www.openwall.com/lists/oss-security/2019/07/11/4ghsamailing-listx_refsource_MLISTWEB
www.securityfocus.com/bid/109156ghsavdb-entryx_refsource_BIDWEB
jenkins.io/security/advisory/2019-07-11/ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000