6 matches found
CVE-2023-39151
A flaw was found in Jenkins, where Jenkins weekly and LTS are vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker can inject malicious script into a web page, which would be executed in a victim's Web browser within the...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2023-39151 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.40)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2023-39151 Source advisory: OSV:GHSA-69VW-3PCM-84RW...
CVE-2023-39151
CVE-2023-39151 affects Jenkins core and LTS prior to specific fixes. The issue occurs when Jenkins builds generate hyperlinks from URLs in logs: URLs are not properly sanitized/encoded, enabling a stored XSS vulnerability if an attacker can control the build log contents. Affected versions includ...
CVE-2023-39151
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...
FreeBSD : jenkins -- Stored XSS vulnerability (a0321b74-031d-485c-bb76-edd75256a6f0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a0321b74-031d-485c-bb76-edd75256a6f0 advisory. - Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build...
jenkins -- Stored XSS vulnerability
Jenkins Security Advisory: Description High SECURITY-3188 / CVE-2023-39151 Stored XSS vulnerability...