CVE-2023-25763

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

11.7%

top 6.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Email Extension Jenkins Project Jenkins Email Extension Plugin

Timeline

PublishedFeb 15

Description

Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_email_extension_pluginunspecified — 2.93

▶NVDjenkins/email_extension< 2.93.1

▶Mavenorg.jenkins-ci.plugins:email-ext< 2.94

🔴Vulnerability Details

CVEList

CVE-2023-25763: Jenkins Email Extension Plugin 2↗2023-02-15

▶

OSV

Cross-site Scripting in Jenkins Email Extension Plugin↗2023-02-15

▶

GHSA

Cross-site Scripting in Jenkins Email Extension Plugin↗2023-02-15

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-02-15↗2023-02-15

▶