Lucene search
JenkinsCVELIST:CVE-2023-25762HistoryFeb 15, 2023 - 12:00 a.m.
CVE-2023-25762
2023-02-1500:00:00
jenkins
www.cve.org
5
jenkins
plugin
xss
EPSS
0.001
Percentile
34.0%
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
CNA Affected
[
{
"product": "Jenkins Pipeline: Build Step Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
Cross-site Scripting in Jenkins Pipeline: Build Step Plugin
2023-02-15 15:30:41
github
github
Cross-site Scripting in Jenkins Pipeline: Build Step Plugin
2023-02-15 15:30:41
cve
cve
CVE-2023-25762
2023-02-15 14:15:13
nvd
nvd
CVE-2023-25762
2023-02-15 14:15:13
prion
prion
Cross site scripting
2023-02-15 14:15:00
redhatcve
redhatcve
CVE-2023-25762
2023-02-15 14:00:08
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.10.58 (RHSA-2023:1866)
2024-01-24 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.58 (RHSA-2023:1866)
2024-04-28 00:00:00
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3195)
2024-04-28 00:00:00
redhat
redhat
(RHSA-2023:3195) Important: jenkins and jenkins-2-plugins security update
2023-05-17 16:15:17