logo

Database

Server side cross-site scripting In org.jenkins-ci.plugins:docker-swarm

Description

Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view.

Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.

As of publication of this advisory, there is no fix.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2023-403502. NVD-2023-403503. OSV-2023-403504. GCVE-2023-40350

References

1. https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-28112. http://www.openwall.com/lists/oss-security/2023/08/16/3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.