CVE-2023-32984
CVSS V2 None
CVSS V3 None
Description
Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.
Overview
- CVE ID
- CVE-2023-32984
- Assigner
- jenkinsci-cert@googlegroups.com
- Vulnerability Status
- Received
- Published Version
- 2023-05-16T16:15:11
- Last Modified Date
- 2023-05-16T16:15:11
References
Reference URL | Reference Tags |
---|---|
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3047 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-32984 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32984 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-05-16 17:01:20 | Added to TrackCVE |