logo

Database

Server side cross-site scripting In org.jenkins-ci.plugins:junit

Description

Cross-site Scripting in Jenkins JUnit Plugin Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-257612. NVD-2023-257613. OSV-2023-257614. GCVE-2023-25761

References

1. https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea022. https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-30323. http://www.openwall.com/lists/oss-security/2023/02/15/4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-L85NI – Vulnerability | Fluid Attacks Database