CVE-2023-43495

CVSS v3.1 5.4 (Medium)

EPSS 0.10 % (41^th)

Affected Products 1

Advisories 3

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2023-09-20 17:15:11
(12 months ago)
Updated Date: 2023-09-23 03:45:20
(12 months ago)

Affected Products

Jenkins

Jenkins

Configuration #1

		CPE23	From	Up To
	Jenkins prior 2.414.2 version	cpe:2.3:a:jenkins:jenkins::::*:lts		< 2.414.2
	Jenkins prior 2.424 version	cpe:2.3:a:jenkins:jenkins::::*:-		< 2.424