Stored Cross-Site Scripting in Jenkins Pipeline Job Plugin
CVE-2023-32977
5.4 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 16 May 2023
What is CVE-2023-32977?
The Jenkins Pipeline Job Plugin is susceptible to a stored cross-site scripting vulnerability due to improper escaping of the display name for builds. This flaw could allow malicious users, capable of setting build display names, to execute arbitrary JavaScript code in the context of other users' browsers. As a result, sensitive data could be compromised, and user sessions hijacked without the need for direct user interaction. It is crucial to update to the patched version to mitigate this security risk.
Affected Version(s)
Jenkins Pipeline: Job Plugin 1295.v395eb_7400005
Jenkins Pipeline: Job Plugin 1289.1291.vb_7c188e7e7df < 1289.*