CVE-2023-43499
Published 2023-09-20
Severity: Medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_failure_analyzer | < 2.4.2 | 2.4.2 |
| jenkins | build_failure_analyzer_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_creates_a_temporary_file_when_a_plugin | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins_project | jenkins_build_failure_analyzer_plugin | <= 2.4.1 | — |