CVE-2023-32977
CVSS V2 None
CVSS V3 None
Description
Jenkins Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
Overview
- CVE ID
- CVE-2023-32977
- Assigner
- jenkinsci-cert@googlegroups.com
- Vulnerability Status
- Received
- Published Version
- 2023-05-16T16:15:10
- Last Modified Date
- 2023-05-16T16:15:10
References
Reference URL | Reference Tags |
---|---|
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-32977 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32977 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-05-16 17:00:49 | Added to TrackCVE |