Security for everyone

CVE-2019-10475 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Jenkins build-metrics Plugin affects v. 1.3 and earlier.

SCAN NOW

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

30 sec

Scan only one

Url

Parent Category

CVE-2019-10475 Scanner Detail

Jenkins build-metrics Plugin is an open-source software tool that is used for collecting and presenting data on build metrics in the Jenkins continuous integration and continuous delivery (CI/CD) server. The plugin captures data relating to build durations, test results, and other crucial parameters that enable developers to track the progress of their builds. It is used by developers to improve the quality of their code, speed up their build processes, and optimize the performance of their applications.

CVE-2019-10475 is a reflected cross-site scripting (XSS) vulnerability that was discovered in the Jenkins build-metrics Plugin. This vulnerability allows attackers to inject malicious HTML and JavaScript code into web pages served by the plugin. This can cause the web pages to execute the code and perform unintended actions, such as stealing sensitive data or taking control of the user's web browser.

When exploited, this vulnerability can lead to serious consequences for both users and developers. Attackers can use the injected code to steal data, modify content, and perform other malicious activities. This can lead to data breaches, loss of sensitive information, and damage to a company's reputation. Furthermore, the malicious code can spread to other users, potentially affecting the entire Jenkins CI/CD infrastructure.

Thanks to the pro features of the securityforeveryone.com platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. This platform provides detailed information on CVEs, such as the one described in this article, as well as actionable insights on how to mitigate vulnerabilities and protect against future attacks. By utilizing this platform, users can keep their digital assets secure and avoid potential security breaches.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture