CVE-2023-35144 – jenkins:repository
Package
Manager: maven
Name: jenkins:repository
Vulnerable Version: >=0 <=1.10
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00957 (percentile 0.75551)
Details
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
Metadata
Created: 2023-06-14T15:30:37Z
Modified: 2024-01-30T23:12:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-39r8-4962-j7vg/GHSA-39r8-4962-j7vg.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-39r8-4962-j7vg
Finding: F425
Auto approve: 1