Published: 16/05/2023 Updated: 25/05/2023

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 0

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins pipeline\\ _job

Synopsis Important: OpenShift Container Platform 41062 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41062 is now available with updates to packages and i ...

Synopsis Important: jenkins and jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...

CWE-79 https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:3625

CVE-2023-32977

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect