Lucene search

JenkinsCVELIST:CVE-2023-43495

HistorySep 20, 2023 - 4:06 p.m.

CVE-2023-43495

2023-09-2016:06:09

jenkins

raw.githubusercontent.com

cve-2023-43495

jenkins

lts

cross-site scripting

vulnerability

exploitable

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.0%

JSON

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the ‘caption’ constructor parameter of ‘ExpandableDetailsNote’, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.