Moderate severityNVD Advisory· Published Oct 23, 2019· Updated Aug 4, 2024

CVE-2019-10475

Description

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins:build-metricsMaven	<= 1.3	—

Affected products

Jenkins Project/Jenkins Build Metrics Pluginv5
Range: 1.3 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-f8w9-66fp-3jgwghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-10475ghsaADVISORY
packetstormsecurity.com/files/155200/Jenkins-Build-Metrics-1.3-Cross-Site-Scripting.htmlghsax_refsource_MISCWEB
www.openwall.com/lists/oss-security/2019/10/23/2ghsamailing-listx_refsource_MLISTWEB
jenkins.io/security/advisory/2019-10-23/ghsax_refsource_CONFIRMWEB
plugins.jenkins.io/build-metricsghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.074
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000