CVE-2023-32977
published 2023-05-16CVE-2023-32977: Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | ansible_plugin | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | cas_plugin | — | — |
| jenkins | code_dx_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | file_parameter_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | ids_in_azure_vm_agents_plugin | — | — |
| jenkins | improper_masking_of_credentials_in_hashicorp_vault_plugin | — | — |
| jenkins | job_plugin | — | — |
| jenkins | ldap_plugin | — | — |
| jenkins | loadcomplete_support_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | pipeline | <= 1292.v27d8cc3e2602 | — |
| jenkins | pipeline_utility_steps_plugin | — | — |
| jenkins | reverse_proxy_auth_plugin | — | — |
| jenkins | sidebar_link_plugin | — | — |
| jenkins | tag_profiler_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | testng_report_files_and_displayed_on_the_plugin | — | — |
| jenkins | testng_results_plugin | — | — |