Lucene search

GitHub Advisory DatabaseGHSA-5J46-5HWQ-GWH7

HistorySep 20, 2023 - 6:30 p.m.

Jenkins Cross-site Scripting vulnerability

2023-09-2018:30:21

CWE-79

GitHub Advisory Database

github.com

jenkins

cross-site scripting

vulnerability

expandabledetailsnote

build log

xss

lts

security

api

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

38.8%

JSON

ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with.

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide caption parameter values.

As of publication, the related API is not used within Jenkins (core), and the Jenkins security team is not aware of any affected plugins.
Jenkins 2.424, LTS 2.414.2 escapes caption constructor parameter values.

Affected configurations

Vulners

Node

org.jenkins-ci.main\Matchjenkins-core

CPENameOperatorVersion
org.jenkins-ci.main:jenkins-corelt2.424
org.jenkins-ci.main:jenkins-corelt2.414.2

CPE	Name	Operator	Version
	org.jenkins-ci.main:jenkins-core	lt	2.424
	org.jenkins-ci.main:jenkins-core	lt	2.414.2

References

www.openwall.com/lists/oss-security/2023/09/20/5

github.com/advisories/GHSA-5j46-5hwq-gwh7

nvd.nist.gov/vuln/detail/CVE-2023-43495

www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245