CVE-2019-1003042

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-1003042

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1003042.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-1003042

Aliases

GHSA-wqjj-c9cx-q7cf

Downstream

RHSA-2019:1423

Published

2019-03-28T18:29:00.343Z

Modified

2026-04-10T04:11:45.064296Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.

References

Affected packages

Git / github.com/jenkinsci/lockable-resources-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/lockable-resources-plugin

Events

Introduced

Last affected

f5bf438b4e71afa39ed2659f19453cc59f447c3d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4"
        }
    ]
}

Affected versions

lockable-resources-1.*

lockable-resources-1.0

lockable-resources-1.1

lockable-resources-1.10

lockable-resources-1.2

lockable-resources-1.3

lockable-resources-1.4

lockable-resources-1.5

lockable-resources-1.6

lockable-resources-1.7

lockable-resources-1.8

lockable-resources-1.9

lockable-resources-2.*

lockable-resources-2.0

lockable-resources-2.1

lockable-resources-2.2

lockable-resources-2.3

lockable-resources-2.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1003042.json"