HTML injection vulnerability in Fortify Plugin
CVE-2023-4303

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Fortify Plugin
Vendor: CVE Published:; 21 August 2023

What is CVE-2023-4303?

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.

Affected Version(s)

Jenkins Fortify Plugin 0 <= 22.1.38

References

https://www.jenkins.io/security/advisory/2023-08-16/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Aug 10, 2023

Credit

Kevin Guerroudj, CloudBees, Inc.