Lucene search
JenkinsCVE-2023-40350HistoryAug 16, 2023 - 3:15 p.m.
CVE-2023-40350
2023-08-1615:15:12
CWE-79
jenkins
web.nvd.nist.gov
219
cve-2023-40350
jenkins
docker
swarm plugin
xss
vulnerability
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
32.9%
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
Affected configurations
Node
jenkinsdocker_swarmRange≤1.11jenkins
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jenkins | docker_swarm | * | cpe:2.3:a:jenkins:docker_swarm:*:*:*:*:*:jenkins:*:* |
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Jenkins Docker Swarm Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "1.11",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
cvelist
cvelist
CVE-2023-40350
2023-08-16 14:32:58
prion
prion
Cross site scripting
2023-08-16 15:15:00
osv
osv
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
2023-08-16 15:30:18
nvd
nvd
CVE-2023-40350
2023-08-16 15:15:12
github
github
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
2023-08-16 15:30:18
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-08-16)
2023-08-21 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
32.9%
Related for CVE-2023-40350