Stored Cross-Site Scripting Vulnerability in Jenkins Flaky Test Handler Plugin
CVE-2023-40342
5.4 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 16 August 2023
Summary
The Jenkins Flaky Test Handler Plugin prior to version 1.2.3 is vulnerable to a stored cross-site scripting (XSS) attack. This vulnerability arises from the plugin's failure to properly escape JUnit test contents displayed in the Jenkins user interface. Malicious actors with the ability to control the contents of JUnit report files can exploit this flaw, potentially leading to unauthorized actions or information disclosure.
Affected Version(s)
Jenkins Flaky Test Handler Plugin 0 <= 1.2.2
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved