CVE-2023-35143 jenkins:repository

Package

Manager: maven
Name: jenkins:repository
Vulnerable Version: >=0 <=1.10

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.0104 (percentile: 0.76596)

Details

Stored XSS vulnerability in Jenkins Maven Repository Server Plugin

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Maven project versions in `pom.xml`.

Metadata

Created: 2023-06-14T15:30:37Z
Modified: 2024-01-30T23:12:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-9pvw-8q92-hm9w/GHSA-9pvw-8q92-hm9w.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9pvw-8q92-hm9w
Finding: F425
Auto approve: 1