Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-10475

CWE-79 — Cross-site Scripting (XSS)7 documents7 sources

Severity

6.1MEDIUM

EPSS

92.4%

top 0.27%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jenkins Build-metrics Jenkins Project Jenkins Build-metrics Plugin

Timeline

PublishedOct 23

Latest updateMay 24

Description

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:build-metrics1.3

▶CVEListV5jenkins_project/jenkins_build-metrics_plugin1.3 and earlier

▶NVDjenkins/build-metrics1.3

🔴Vulnerability Details

GHSA

Jenkins build-metrics Plugin reflected cross-site scripting vulnerability↗2022-05-24

▶

OSV

Jenkins build-metrics Plugin reflected cross-site scripting vulnerability↗2022-05-24

▶

CVEList

CVE-2019-10475: A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages↗2019-10-23

▶

💥Exploits & PoCs

Exploit-DB

Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting↗2019-11-08

▶

Nuclei

Jenkins build-metrics 1.3 - Cross-Site Scripting

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-10-23↗2019-10-23

▶