Lucene search

K
cveJenkinsCVE-2023-40346
HistoryAug 16, 2023 - 3:15 p.m.

CVE-2023-40346

2023-08-1615:15:12
CWE-79
jenkins
web.nvd.nist.gov
215
cve-2023-40346
jenkins
shortcut job plugin
xss
vulnerability

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.9%

Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.

Affected configurations

Nvd
Node
jenkinsshortcut_jobRange0.4jenkins
VendorProductVersionCPE
jenkinsshortcut_job*cpe:2.3:a:jenkins:shortcut_job:*:*:*:*:*:jenkins:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins Shortcut Job Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "0.4",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.9%