CVE-2023-32984 org.jenkins-ci.plugins:testng-plugin

Package

Manager: maven
Name: org.jenkins-ci.plugins:testng-plugin
Vulnerable Version: >=0 <730.732.v959a

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.025 (percentile: 0.84759)

Details

Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.

TestNG Results Plugin 730.732.v959a_3a_a_eb_a_72 escapes the affected values that are parsed from TestNG report files.

Metadata

Created: 2023-05-16T18:30:16Z
Modified: 2024-01-05T13:20:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-h3hg-r97v-5r9w/GHSA-h3hg-r97v-5r9w.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-h3hg-r97v-5r9w
Finding: F425
Auto approve: 1