CVE-2019-1003042

🗓️ 28 Mar 2019 17:59:29Reported by jenkinsType

A Cross Site Scripting vulnerability in Jenkins Lockable Resources Plugi

Reporter	Title	Published	Views	Family All 20
BDU FSTEC	The vulnerability of the Jenkins Lockable Resources plugin arises from the lack of protective measures for website structures, allowing attackers to inject arbitrary JavaScript code into loaded web pages.	11 Jul 201900:00	–	bdu_fstec
CNVD	CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2019-09292)	1 Apr 201900:00	–	cnvd
Cvelist	CVE-2019-1003042	28 Mar 201917:59	–	cvelist
EUVD	EUVD-2022-5621	3 Oct 202520:07	–	euvd
Github Security Blog	Jenkins Lockable Resources Plugin XSS vulnerability	13 May 202201:25	–	github
NVD	CVE-2019-1003042	28 Mar 201918:29	–	nvd
OSV	GHSA-WQJJ-C9CX-Q7CF Jenkins Lockable Resources Plugin XSS vulnerability	13 May 202201:25	–	osv
OSV	RHSA-2019:1423 Red Hat Security Advisory: Red Hat OpenShift Container Platform 3.11 jenkins-2-plugins security update	16 Sep 202402:31	–	osv
Prion	Cross site scripting	28 Mar 201918:29	–	prion
Positive Technologies	PT-2019-2580 · Jenkins · Jenkins Lockable Resources Plugin +1	25 Mar 201900:00	–	ptsecurity

NVD

Node

jenkins lockable_resourcesRange≤2.4jenkins

[
  {
    "product": "Jenkins Lockable Resources Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "affected",
        "version": "2.4 and earlier"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/107628
access	www.access.redhat.com/errata/RHSA-2019:1423
openwall	www.openwall.com/lists/oss-security/2019/03/28/2
jenkins	www.jenkins.io/security/advisory/2019-03-25/

17 Jun 2026 02:09Current

5.1Medium risk

Vulners AI Score5.1

CVSS 23.5

CVSS 35.4

EPSS0.01397

CWE-79