Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-05-16T15:59:58.835Z
Updated: 2024-08-02T15:32:46.593Z
Reserved: 2023-05-16T10:55:43.517Z
Link: CVE-2023-32977
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-16T16:15:10.507
Modified: 2024-11-21T08:04:19.993
Link: CVE-2023-32977
Redhat