Impact: Moderate
Public Date: 2019-08-28
CWE: CWE-79
Bugzilla: 1747293: CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)

The MITRE CVE dictionary describes this issue as:

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.

Find out more about CVE-2019-10383 from the MITRE CVE dictionary and NIST NVD.
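As an added defender-side example (not part of this advisory or of Jenkins itself), the script below audits configured update-site URLs for values that would only make sense as HTML or script rather than as a URL. It assumes that update sites are stored in `$JENKINS_HOME/hudson.model.UpdateCenter.xml` as `<sites><site><id/><url/></site></sites>`; the sample document is constructed for this example.

```python
"""Audit Jenkins update-site URLs for HTML/JS-significant content
(the injection point described for CVE-2019-10383 / SECURITY-1453).

Assumptions (not stated in the advisory): update sites live in
$JENKINS_HOME/hudson.model.UpdateCenter.xml as <sites><site><url>...</url>
</site></sites>; SAMPLE_XML below is a constructed stand-in for that file.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Characters that have no place in an update-site URL and would only serve
# to break out of an HTML text or attribute context, plus the javascript: scheme.
_FORBIDDEN = re.compile(r'[<>"\'\s]|javascript:', re.IGNORECASE)


def check_update_site_url(url: str) -> list[str]:
    """Return the problems found in one configured update-site URL."""
    problems = []
    if _FORBIDDEN.search(url):
        problems.append("contains HTML/JS-significant characters")
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ("http", "https"):
        problems.append(f"unexpected scheme {parsed.scheme!r}")
    if not parsed.netloc:
        problems.append("missing host")
    return problems


def audit_update_center_xml(xml_text: str) -> dict[str, list[str]]:
    """Map each site id to its problems; an empty list means the URL looks sane."""
    root = ET.fromstring(xml_text)
    findings = {}
    for site in root.iter("site"):
        site_id = (site.findtext("id") or "<no id>").strip()
        url = (site.findtext("url") or "").strip()
        findings[site_id] = check_update_site_url(url)
    return findings


# Constructed sample: the stock update site plus one tampered entry whose
# "URL" carries markup (XML-escaped here, so it parses to literal < > ").
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<sites>
  <site><id>default</id><url>https://updates.jenkins.io/update-center.json</url></site>
  <site><id>tampered</id><url>https://example.invalid/"&gt;&lt;b&gt;bad&lt;/b&gt;</url></site>
</sites>"""

if __name__ == "__main__":
    for site_id, problems in audit_update_center_xml(SAMPLE_XML).items():
        print(site_id, "OK" if not problems else "; ".join(problems))
```

Run it against the real file with `audit_update_center_xml(open(path).read())`; any non-empty finding on an administrator-configured site deserves a look at who changed it and when.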
Red Hat OpenShift Container Platform 3.10:
This vulnerability has been rated as having a security impact of Moderate. After evaluation and in accordance with the criteria noted in the product support life cycle, there are no plans to address this issue in an upcoming release. Please contact Red Hat Support for further information.
Red Hat OpenShift Container Platform 3.11:
This vulnerability is currently targeted to be addressed in an upcoming release.
Red Hat OpenShift Container Platform 3.9:
This vulnerability has been rated as having a security impact of Moderate. After evaluation and in accordance with the criteria noted in the product support life cycle, there are no plans to address this issue in an upcoming release. Please contact Red Hat Support for further information.
Red Hat OpenShift Container Platform 4.1:
This vulnerability is currently targeted to be addressed in an upcoming release.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 4.8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality Impact | Low |
| Integrity Impact | Low |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Container Platform 4.1 | jenkins | Affected |
| Red Hat OpenShift Container Platform 3.9 | jenkins | Will not fix |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Affected |
| Red Hat OpenShift Container Platform 3.10 | jenkins | Will not fix |