CVE-2019-10475

Published: 23/10/2019 Updated: 25/10/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 436
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows malicious users to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

Vulnerable Product

jenkins build-metrics

Exploits

# Exploit Title: Jenkins build-metrics plugin 13 - 'label' Cross-Site Scripting
# Date: 2019-11-06
# Exploit Author: vesche (Austin Jackson)
# Vendor Homepage: pluginsjenkinsio/build-metrics
# Version: Jenkins build-metrics plugin 13 and below
# Tested on: Debian 10 (Buster), Jenkins 2203 (latest 2019-11-05), and build-metrics 13
# CV ...
Jenkins Build-Metrics plugin version 13 suffers from a cross-site scripting vulnerability ...

Github Repositories

Jenkins build-metrics plugin 13 - 'label' Cross-Site Scripting
Exploit Description
Exploit Title: Jenkins build-metrics plugin 13 - 'label' Cross-Site Scripting
Date: 2019-11-06
Exploit Author: vesche (Austin Jackson)
Vendor Homepage: pluginsjenkinsio/build-metrics
Version: Jenkins build-metrics plugin 13 and below
Tested on: Debian 10 (Buster),

CVE-2019-10475
Quick POC for Jenkins CVE-2019-10475 / SECURITY-1490 reported on 2019-10-23. The issue is within the build-metrics plugin which generates some basic build metrics. It's commonly used with the Jenkins sidebar links plugin. This is a simple & generic reflected XSS vulnerability. The issue is that the plugin does not properly escape the label query para