Lucene search
JenkinsCVELIST:CVE-2023-39151HistoryJul 26, 2023 - 1:54 p.m.
CVE-2023-39151
2023-07-2613:54:52
jenkins
www.cve.org
cve-2023-39151
jenkins
lts
cross-site scripting
url encoding
build logs
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Jenkins",
"vendor": "Jenkins Project",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.416",
"versionType": "maven"
},
{
"lessThan": "2.401.*",
"status": "unaffected",
"version": "2.401.3",
"versionType": "maven"
},
{
"lessThan": "2.414.*",
"status": "unaffected",
"version": "2.414.1",
"versionType": "maven"
}
]
}
]Related
nvd
nvd
CVE-2023-39151
2023-07-26 14:15:10
osv
osv
Jenkins Stored Cross-site Scripting vulnerability
2023-07-26 15:30:57
BIT-jenkins-2023-39151
2024-03-06 10:55:13
CVE-2023-39151
2023-07-26 14:15:10
nessus
nessus
prion
prion
Cross site scripting
2023-07-26 14:15:00
veracode
veracode
Cross-site Scripting (XSS)
2023-07-28 02:45:44
redhatcve
redhatcve
CVE-2023-39151
2023-07-27 06:47:55
freebsd
freebsd
jenkins -- Stored XSS vulnerability
2023-07-26 00:00:00
alpinelinux
alpinelinux
CVE-2023-39151
2023-07-26 14:15:10
cve
cve
CVE-2023-39151
2023-07-26 14:15:10
github
github
Jenkins Stored Cross-site Scripting vulnerability
2023-07-26 15:30:57
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00