Stored Cross-Site Scripting Vulnerability in Jenkins JUnit Plugin
CVE-2023-25761

5.4MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Junit Plugin
Vendor
CVE Published:
15 February 2023

What is CVE-2023-25761?

The Jenkins JUnit Plugin prior to version 1166.va_436e268e972 is susceptible to a stored cross-site scripting vulnerability due to improper escaping of test case class names in JavaScript expressions. This vulnerability allows attackers, who can manipulate the test case class names within the JUnit resources processed by the plugin, to execute arbitrary JavaScript in the context of a user's session. This could lead to unauthorized actions, data theft, or further exploitation of the affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins JUnit Plugin <= 1166.va_436e268e972

Jenkins JUnit Plugin 1119.1124.va_a_8ccde5658f

References

https://www.jenkins.io/security/advisory/2023-02-15/#SECU...
http://www.openwall.com/lists/oss-security/2023/02/15/4
mailing-list

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.