ghsa-39r8-4962-j7vg
Vulnerability from github
Published
2023-06-14 15:30
Modified
2024-01-30 23:12
Severity
Summary
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin
Details
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "jenkins:repository"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-35144"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-30T23:12:41Z",
"nvd_published_at": "2023-06-14T13:15:12Z",
"severity": "MODERATE"
},
"details": "Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.",
"id": "GHSA-39r8-4962-j7vg",
"modified": "2024-01-30T23:12:41Z",
"published": "2023-06-14T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35144"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2951"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/06/14/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Stored XSS vulnerability in Jenkins Maven Repository Server Plugin"
}
Loading...