CVE-2019-10346 — Cross-site Scripting in Jenkins Embeddable Build Status

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 51.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Embeddable Build Status Jenkins Project Jenkins Embeddable Build Status Plugin

Timeline

PublishedJul 11

Latest updateMay 24

Description

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_embeddable_build_status_plugin2.0.1 and earlier

▶NVDjenkins/embeddable_build_status2.0.1

🔴Vulnerability Details

OSV

Jenkins Embeddable Build Status Plugin contains Cross-site Scripting↗2022-05-24

▶

GHSA

Jenkins Embeddable Build Status Plugin contains Cross-site Scripting↗2022-05-24

▶

CVEList

CVE-2019-10346: A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2↗2019-07-11

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-07-11↗2019-07-11

▶