.. / CVE-2019-10475

Exploit for Jenkins build-metrics 1.3 - Cross-Site Scripting (CVE-2019-10475)

Description:

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.

Nuclei Template

View the template here CVE-2019-10475.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-10475.yaml

References:

http://packetstormsecurity.com/files/155200/Jenkins-Build-Metrics-1.3-Cross-Site-Scripting.html
https://github.com/reph0r/poc-exp
http://www.openwall.com/lists/oss-security/2019/10/23/2
https://nvd.nist.gov/vuln/detail/CVE-2019-10475
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490

.. / CVE-2019-10475 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Jenkins build-metrics 1.3 - Cross-Site Scripting (CVE-2019-10475)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-10475