Vulnetix
Try Vulnetix Request Demo
CVE-2019-10395 PUBLISHED CVSS 3.5 LOW

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties.

EPSS 0.10% · 28.0th percentile

Risk Scores

CVSS v2.0
3.5
EPSS Score
0.10%
28.0th percentile

Affected Products

VendorProductVersions
Mavenorg.jenkins-ci.plugins:build-environment0
Jenkins projectJenkins Build Environment Plugin1.6 and earlier
jenkinsbuild_environment0

Timeline

References

Open in Interactive Console →