3 matches found
CVE-2023-46650
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2023-46650
The CVE-2023-46650 entry corresponds to a stored XSS vulnerability in Jenkins GitHub Plugin versions up to 1.37.3. The root cause is that the plugin does not escape the GitHub project URL on the build page when showing changes, enabling stored XSS attacks. Exploitation is possible by attackers wi...
CVE-2023-46650
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...