Lucene search
GitHub Advisory DatabaseGHSA-5J46-5HWQ-GWH7HistorySep 20, 2023 - 6:30 p.m.
Jenkins Cross-site Scripting vulnerability
2023-09-2018:30:21
CWE-79
GitHub Advisory Database
github.com
20
jenkins
cross-site scripting
vulnerability
expandabledetailsnote
build log
xss
lts
security
api
0.001 Low
EPSS
Percentile
38.4%
ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with.
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide caption parameter values.
As of publication, the related API is not used within Jenkins (core), and the Jenkins security team is not aware of any affected plugins.
Jenkins 2.424, LTS 2.414.2 escapes caption constructor parameter values.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | lt | 2.424 | |
| org.jenkins-ci.main:jenkins-core | lt | 2.414.2 |
Related
alpinelinux
alpinelinux
CVE-2023-43495
2023-09-20 17:15:11
cvelist
cvelist
CVE-2023-43495
2023-09-20 16:06:09
osv
osv
Jenkins Cross-site Scripting vulnerability
2023-09-20 18:30:21
CVE-2023-43495
2023-09-20 17:15:11
BIT-jenkins-2023-43495
2024-03-06 10:54:50
cve
cve
CVE-2023-43495
2023-09-20 17:15:11
prion
prion
Cross site scripting
2023-09-20 17:15:00
redhatcve
redhatcve
CVE-2023-43495
2023-09-22 11:54:51
veracode
veracode
Cross-site Scripting
2023-09-25 07:18:08
nessus
nessus
freebsd
freebsd
jenkins -- multiple vulnerabilities
2023-09-20 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00