Stored Cross-Site Scripting Vulnerability in Jenkins Maven Repository Server Plugin by Jenkins
CVE-2023-35144
5.4 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 14 June 2023
What is CVE-2023-35144?
The Jenkins Maven Repository Server Plugin prior to version 1.11 is susceptible to stored cross-site scripting (XSS) attacks due to improper escaping of user inputs. This vulnerability allows attackers to execute arbitrary JavaScript in the context of users viewing the affected Build Artifacts As Maven Repository page, potentially compromising user data and session integrity. Immediate updates to the plugin are recommended to mitigate these risks. For more details, visit the Jenkins Security Advisory.
Affected Version(s)
Jenkins Maven Repository Server Plugin: versions 0 through 1.10 (inclusive)