vulnerability

FreeBSD: VID-A0321B74-031D-485C-BB76-EDD75256A6F0 (CVE-2023-39151): jenkins -- Stored XSS vulnerability

Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
2023-07-26
Added
2023-07-27
Modified
2025-01-28

Description

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.

Solution(s)

freebsd-upgrade-package-jenkinsfreebsd-upgrade-package-jenkins-lts
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.