Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2023-10-25T13:45:53.053Z

Updated: 2024-09-17T14:05:54.759Z

Reserved: 2023-10-24T16:05:00.959Z

Link: CVE-2023-46650

cve-icon Vulnrichment

Updated: 2024-08-02T20:53:20.941Z

cve-icon NVD

Status : Modified

Published: 2023-10-25T18:17:39.943

Modified: 2024-11-21T08:28:58.570

Link: CVE-2023-46650

cve-icon Redhat

No data.