History: Sep 20, 2023 - 4:06 p.m.

CVE-2023-43499

2023-09-20 16:06:11
jenkins
github.com
jenkins
failure analyzer
xss
vulnerability
attackers
build logs
cve-2023-43499

AI Score: 5.4
Confidence: High

EPSS: 0.001
Percentile: 33.0%

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes.
