CVE-2019-1003014

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-1003014

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1003014.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-1003014

Aliases

GHSA-pmc5-74w3-78mw

Downstream

RHBA-2019:0326

Published

2019-02-06T16:29:00.733Z

Modified

2026-05-18T05:51:48.587261152Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file.

Database specific

{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:openshift_container_platform",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "3.11"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/jenkinsci/config-file-provider-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/config-file-provider-plugin

Events

Introduced

Last affected

b1d85c8a51ba62fddf5ec91a497bb9c4859e1257

Database specific

{
    "cpe": "cpe:2.3:a:jenkins:config_file_provider:*:*:*:*:*:jenkins:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.1"
        }
    ]
}

Affected versions

2.*

2.8.1

config-file-provider-2.*

config-file-provider-2.10.0

config-file-provider-2.10.1

config-file-provider-2.11

config-file-provider-2.12

config-file-provider-2.13

config-file-provider-2.14-beta

config-file-provider-2.14.1-beta

config-file-provider-2.14.2-beta

config-file-provider-2.15

config-file-provider-2.15.1

config-file-provider-2.15.2-beta

config-file-provider-2.15.3

config-file-provider-2.15.3-beta

config-file-provider-2.15.4

config-file-provider-2.15.5

config-file-provider-2.15.6

config-file-provider-2.15.7

config-file-provider-2.16.0

config-file-provider-2.16.1

config-file-provider-2.16.2

config-file-provider-2.16.3

config-file-provider-2.16.4

config-file-provider-2.17

config-file-provider-2.18

config-file-provider-2.7

config-file-provider-2.7.2

config-file-provider-2.7.3

config-file-provider-2.7.4

config-file-provider-2.7.5

config-file-provider-2.9.1

config-file-provider-2.9.2

config-file-provider-2.9.3

config-file-provider-3.*

config-file-provider-3.0

config-file-provider-3.1

config-file-provider-3.3

config-file-provider-3.4

config-file-provider-3.4.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1003014.json"