Hillstone Networks

RULE（RULE ID：333962）

Rule General Information


Release Date:		2021-10-28

Rule Name:		Jenkins CI Server build metrics Cross Site Scripting Vulnerability (CVE-2019-10475)

Severity:

CVE ID:

Rule Protection Details


Description:		A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

Impact:		An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed.

Affected OS:		Windows, Linux, Others

Reference:		http://packetstormsecurity.com/files/155200/Jenkins-Build-Metrics-1.3-Cross-Site-Scripting.html http://www.openwall.com/lists/oss-security/2019/10/23/2 https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490

Solutions

The vendor has released upgrade patches to fix vulnerabilities, please visit:
https://jenkins.io