HTML injection vulnerability in Fortify Plugin
CVE-2023-4303
4.3 MEDIUM
Summary
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Affected Version(s)
Jenkins Fortify Plugin <= 22.1.38
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Risk change from: 6.1 to: 4.3 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database
Credit
Kevin Guerroudj, CloudBees, Inc.