vulnerability
FreeBSD: VID-A0321B74-031D-485C-BB76-EDD75256A6F0 (CVE-2023-39151): jenkins -- Stored XSS vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | 2023-07-26 | 2023-07-27 | 2025-01-28 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
2023-07-26
Added
2023-07-27
Modified
2025-01-28
Description
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.
Solution(s)
freebsd-upgrade-package-jenkinsfreebsd-upgrade-package-jenkins-lts
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.