Vulnerability Details CVE-2019-10335
A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.7%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://www.openwall.com/lists/oss-security/2019/06/11/1
- http://www.securityfocus.com/bid/108747
- https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1412
- http://www.openwall.com/lists/oss-security/2019/06/11/1
- http://www.securityfocus.com/bid/108747
- https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1412
Products affected by CVE-2019-10335
-
cpe:2.3:a:jenkins:electricflow:1.0
-
cpe:2.3:a:jenkins:electricflow:1.1.1
-
cpe:2.3:a:jenkins:electricflow:1.1.2
-
cpe:2.3:a:jenkins:electricflow:1.1.3
-
cpe:2.3:a:jenkins:electricflow:1.1.4
-
cpe:2.3:a:jenkins:electricflow:1.1.5
-
cpe:2.3:a:jenkins:electricflow:1.1.6