The vulnerability of the Jenkins Lockable Resources plugin arises from the lack of protective measures for website structures, allowing attackers to inject arbitrary JavaScript code into loaded web pages.
The vulnerability of the Jenkins Lockable Resources plugin exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into the web pages displayed by the plugin...
jenkins-plugin-lockable-resources: XSS vulnerability in Lockable Resources Plugin (SECURITY-1361)
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the Devise::Models::Lockable class, more specifically at the increment_failed_attempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
DEBIAN-CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the Devise::Models::Lockable class, more specifically at the increment_failed_attempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
UBUNTU-CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the Devise::Models::Lockable class, more specifically at the increment_failed_attempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
Design/Logic Flaw
Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the Devise::Models::Lockable class, more specifically at the increment_failed_attempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the Devise::Models::Lockable class, more specifically at the increment_failed_attempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
CVE-2019-5421
Plataformatec Devise version 4.5.0 and earlier, using the lockable module, contains a CWE-367 vulnerability in the Devise::Models::Lockable class, more specifically at the increment_failed_attempts method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests c...
CVE-2019-5421
CVE-2019-5421 affects Plataformatec Devise version 4.5.0 and earlier, where the lockable module, specifically Devise::Models::Lockable#increment_failed_attempts, contains a CWE-367 race condition. This can allow multiple concurrent requests to bypass blocking of brute-force attempts, with...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2019-09292)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Lockable Resources Plugin is used in one of the globa...
Cross site scripting
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVE-2019-1003042
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVE-2019-1003042
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
CVE-2019-1003042
CVE-2019-1003042 corresponds to a cross-site scripting vulnerability in Jenkins Lockable Resources Plugin (version 2.4 and earlier), where an attacker who can control resource names can inject arbitrary JavaScript into web pages rendered by the plugin. The issue is evidenced in multiple connected...
CVE-2019-1003042
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...
PT-2019-2580 · Jenkins · Jenkins Lockable Resources Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Lockable Resources Plugin versions 2.4 and earlier Description: The issue allows attackers to inject arbitrary JavaScript code in web pages rendered by the plugin due to a cross-site scripting vulnerability. This can be exploited by...
devise Time-of-check Time-of-use Race Condition vulnerability
Devise ruby gem before 4.6.0, when the lockable module is used, is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to increment_failed_attempts within the Devise::Models::Lockable class not being concurrency safe...
Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Devise ruby gem before 4.6.0, when the lockable module is used, is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to increment_failed_attempts within the Devise::Models::Lockable class not being concurrency safe...