CVE-2019-10335
MEDIUMJenkins ElectricFlow < 1.1.6 - Stored Cross-Site Scripting via Build Status Page
Title source: llmDescription
A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/06/11/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108747
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1412
Scores
CVSS v3
5.4
EPSS
0.0006
EPSS Percentile
17.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
jenkins/electricflow
< 1.1.6
org.jenkins-ci.plugins/electricflow
0 - 1.1.7Maven
Published
Jun 11, 2019
Tracked Since
Feb 18, 2026