Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2023-05-16T15:59:58.835Z

Updated: 2024-08-02T15:32:46.593Z

Reserved: 2023-05-16T10:55:43.517Z

Link: CVE-2023-32977

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-05-16T16:15:10.507

Modified: 2023-05-25T00:43:19.120

Link: CVE-2023-32977

cve-icon Redhat

Severity : Important

Publid Date: 2023-05-16T00:00:00Z

Links: CVE-2023-32977 - Bugzilla