CVE-2025-47885

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 69.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Health Advisor BY Cloudbees PluginJenkins Health Advisor BY Cloudbees
Timeline
PublishedMay 14

Description

Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDjenkins/health_advisor_by_cloudbees374.v194b_d4f0c8c8
Mavenorg.jenkins-ci.plugins:cloudbees-jenkins-advisor< 374.376.v3a_41a_a_142efe

🔴Vulnerability Details

3
CVEList
CVE-2025-47885: Jenkins Health Advisor by CloudBees Plugin 3742025-05-14
OSV
Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting2025-05-14
GHSA
Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting2025-05-14

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2025-05-142025-05-14
CVE-2025-47885 (HIGH CVSS 8.8) | Jenkins Health Advisor by CloudBees | cvebase.io