Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zOXI4LTQ5NjItajd2Z84AAz2o
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
Permalink: https://github.com/advisories/GHSA-39r8-4962-j7vg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zOXI4LTQ5NjItajd2Z84AAz2o
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 4 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-39r8-4962-j7vg, CVE-2023-35144
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-35144
- https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2951
- http://www.openwall.com/lists/oss-security/2023/06/14/5
- https://github.com/advisories/GHSA-39r8-4962-j7vg
Affected Packages
maven:jenkins:repository
Affected Version Ranges: <= 1.10
No known fixed version