Lucene search

GitHub Advisory DatabaseGHSA-2WVV-PHHW-QVMC

HistoryMay 16, 2023 - 6:30 p.m.

Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting

2023-05-1618:30:16

CWE-79

GitHub Advisory Database

github.com

jenkins

pipeline

job plugin

cross-site scripting

vulnerability

security issue

fix

software

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.5%

JSON

Jenkins Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, when “Do not allow concurrent builds” is set.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

The Jenkins security team is not aware of any plugins that allow the exploitation of this vulnerability, as the build name must be set before the build starts.
Pipeline: Job Plugin 1295.v395eb_7400005 escapes the display name of the build that caused an earlier build to be aborted.

Affected configurations

Vulners

Node

org.jenkins-ci.plugins.workflow\Matchworkflow-cps

CPENameOperatorVersion
org.jenkins-ci.plugins.workflow:workflow-joblt1295.v395eb

CPE	Name	Operator	Version
	org.jenkins-ci.plugins.workflow:workflow-job	lt	1295.v395eb

References

github.com/advisories/GHSA-2wvv-phhw-qvmc

github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821

nvd.nist.gov/vuln/detail/CVE-2023-32977

www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042