Lucene search
HistorySep 06, 2023 - 1:15 p.m.
CVE-2023-41944
cve
jenkins
aws
codecommit trigger plugin
html injection
vulnerability
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
16.8%
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
Affected configurations
Node
jenkinsaws_codecommit_triggerRange≤3.0.12jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:aws_codecommit_trigger | jenkins aws codecommit trigger | le | 3.0.12 |
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Jenkins AWS CodeCommit Trigger Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "3.0.12",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
osv
osv
HTML injection vulnerability in Jenkins AWS CodeCommit Trigger Plugin
2023-09-06 15:30:26
nvd
nvd
CVE-2023-41944
2023-09-06 13:15:11
prion
prion
Design/Logic Flaw
2023-09-06 13:15:00
cvelist
cvelist
CVE-2023-41944
2023-09-06 12:09:01
github
github
HTML injection vulnerability in Jenkins AWS CodeCommit Trigger Plugin
2023-09-06 15:30:26
alpinelinux
alpinelinux
CVE-2023-41944
2023-09-06 13:15:11
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-09-06)
2023-09-07 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
16.8%
Related for CVE-2023-41944