CVE-2023-41944
published 2023-09-06CVE-2023-41944: Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | assembla_auth_plugin | — | — |
| jenkins | aws_codecommit_trigger | <= 3.0.12 | — |
| jenkins | aws_codecommit_trigger_plugin | — | — |
| jenkins | bitbucket_push_and_pull_request_plugin | — | — |
| jenkins | config_file_provider_plugin | — | — |
| jenkins | disabled_permissions_can_be_granted_by_ssh2_easy_plugin | — | — |
| jenkins | disabled_permissions_granted_by_assembla_auth_plugin | — | — |
| jenkins | frugal_testing_plugin | — | — |
| jenkins | google_login_plugin | — | — |
| jenkins | ivy_plugin | — | — |
| jenkins | job_configuration_history_plugin | — | — |
| jenkins | non-constant_time_token_comparison_in_google_login_plugin | — | — |
| jenkins | pipeline_maven_integration_plugin | — | — |
| jenkins | qualys_container_scanning_connector_plugin | — | — |
| jenkins | ssh2_easy_plugin | — | — |
| jenkins | tap_plugin | — | — |
| jenkins_project | jenkins_aws_codecommit_trigger_plugin | <= 3.0.12 | — |