Vulnerability Description
A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Embeddable Build Status | <= 2.0.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/07/11/4Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/109156Broken LinkThird Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1419Vendor Advisory
- http://www.openwall.com/lists/oss-security/2019/07/11/4Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/109156Broken LinkThird Party AdvisoryVDB Entry
- https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1419Vendor Advisory
FAQ
What is CVE-2019-10346?
CVE-2019-10346 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.
How severe is CVE-2019-10346?
CVE-2019-10346 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10346?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Embeddable Build Status.