CVE-2025-47885
published 2025-05-14
high 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | cadence_vmanager_plugin | — | — |
| jenkins | dingtalk_plugin | — | — |
| jenkins | environment_injector_plugin | — | — |
| jenkins | health_advisor_by_cloudbees | <= 374.v194b_d4f0c8c8 | — |
| jenkins | health_advisor_by_cloudbees_plugin | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | openid_connect_provider_plugin | — | — |
| jenkins | role-based_authorization_strategy_plugin | — | — |
| jenkins | wso2_oauth_plugin | — | — |
| jenkins_project | jenkins_health_advisor_by_cloudbees_plugin | <= 374.v194b_d4f0c8c8 | — |