{"id":"CVE-2019-1003042","details":"A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.","aliases":["GHSA-wqjj-c9cx-q7cf"],"modified":"2026-04-11T18:23:10.592621Z","published":"2019-03-28T18:29:00.343Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/03/28/2"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107628"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1423"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1361"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/lockable-resources-plugin","events":[{"introduced":"0"},{"last_affected":"f5bf438b4e71afa39ed2659f19453cc59f447c3d"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.4"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:jenkins:lockable_resources:*:*:*:*:*:jenkins:*:*"}}],"versions":["lockable-resources-1.0","lockable-resources-1.1","lockable-resources-1.10","lockable-resources-1.2","lockable-resources-1.3","lockable-resources-1.4","lockable-resources-1.5","lockable-resources-1.6","lockable-resources-1.7","lockable-resources-1.8","lockable-resources-1.9","lockable-resources-2.0","lockable-resources-2.1","lockable-resources-2.2","lockable-resources-2.3","lockable-resources-2.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1003042.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}