CVE-2019-10335

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10335

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10335.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10335

Aliases

GHSA-fx9p-2qvx-pgjv

Published

2019-06-11T14:29:00.980Z

Modified

2026-04-10T04:11:48.324372Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages.

References

Affected packages

Git / github.com/jenkinsci/electricflow-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/electricflow-plugin

Events

Introduced

Last affected

a3a4b6ea3a9eef20fb156e200d05b45fdb70df40

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.6"
        }
    ]
}

Affected versions

electricflow-1.*

electricflow-1.1.3

electricflow-1.1.4

electricflow-1.1.5

electricflow-1.1.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10335.json"