Jenkins Build Metrics Plugin
Source repositories
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10475 | 0.10 | — | 0.92 | Oct 23, 2019 | A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | ||
| CVE-2022-34784 | 0.01 | — | 0.09 | Jun 30, 2022 | Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. | ||
| CVE-2022-34785 | 0.00 | — | 0.00 | Jun 30, 2022 | Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. |
- CVE-2019-10475Oct 23, 2019risk 0.10cvss —epss 0.92
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
- CVE-2022-34784Jun 30, 2022risk 0.01cvss —epss 0.09
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.
- CVE-2022-34785Jun 30, 2022risk 0.00cvss —epss 0.00
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.