AI Score
Confidence
High
EPSS
Percentile
99.9%
Jenkins build-metrics Plugin does not properly escape the label query parameter, resulting in a reflected cross-site scripting vulnerability.
label
As of publication of this advisory, there is no fix.
packetstormsecurity.com/files/155200/Jenkins-Build-Metrics-1.3-Cross-Site-Scripting.html
www.openwall.com/lists/oss-security/2019/10/23/2
jenkins.io/security/advisory/2019-10-23/#SECURITY-1490
nvd.nist.gov/vuln/detail/CVE-2019-10475
plugins.jenkins.io/build-metrics