Lucene search
GoogleOSV:GHSA-2WVV-PHHW-QVMCHistoryMay 16, 2023 - 6:30 p.m.
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
2023-05-1618:30:16
Google
osv.dev
8
jenkins
pipeline
job plugin
cross-site scripting
0.001 Low
EPSS
Percentile
38.0%
Jenkins Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, when “Do not allow concurrent builds” is set.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
The Jenkins security team is not aware of any plugins that allow the exploitation of this vulnerability, as the build name must be set before the build starts.
Pipeline: Job Plugin 1295.v395eb_7400005 escapes the display name of the build that caused an earlier build to be aborted.
Related
cve
cve
CVE-2023-32977
2023-05-16 16:15:10
alpinelinux
alpinelinux
CVE-2023-32977
2023-05-16 16:15:10
prion
prion
Cross site scripting
2023-05-16 16:15:00
github
github
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
2023-05-16 18:30:16
redhatcve
redhatcve
CVE-2023-32977
2023-05-17 04:58:01
veracode
veracode
Cross-site Scripting (XSS)
2023-05-28 14:43:44
cvelist
cvelist
CVE-2023-32977
2023-05-16 15:59:58
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)
2024-01-24 00:00:00
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3610)
2024-04-28 00:00:00
redhat
redhat
(RHSA-2023:3610) Important: jenkins and jenkins-2-plugins security update
2023-06-15 00:10:54
(RHSA-2023:3663) Important: jenkins and jenkins-2-plugins security update
2023-06-19 10:09:14