CVE-2023-25762
Published 2023-02-15
Medium 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | azure_credentials_plugin | — | — |
| jenkins | build_step_plugin | — | — |
| jenkins | config_file_provider_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | junit_plugin | — | — |
| jenkins | junit_resources_processed_by_the_plugin | — | — |
| jenkins | pipeline | <= 2.18 | — |
| jenkins | synopsys_coverity_plugin | — | — |
| jenkins_project | jenkins_pipeline_build_step_plugin | unspecified – 2.18 | — |