vulnerability
Red Hat OpenShift: CVE-2023-25762: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | 2023-02-15 | 2023-05-10 | 2025-04-14 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
2023-02-15
Added
2023-05-10
Modified
2025-04-14
Description
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
Solution
linuxrpm-upgrade-jenkins-2-plugins
References
- CVE-2023-25762
- https://attackerkb.com/topics/CVE-2023-25762
- REDHAT-RHSA-2023:1866
- REDHAT-RHSA-2023:3195
- REDHAT-RHSA-2023:3198
- REDHAT-RHSA-2023:3299
- REDHAT-RHSA-2023:6171
- REDHAT-RHSA-2023:6172
- REDHAT-RHSA-2023:6179
- REDHAT-RHSA-2023:7288
- REDHAT-RHSA-2024:0775
- REDHAT-RHSA-2024:0776
- REDHAT-RHSA-2024:0777
- REDHAT-RHSA-2024:0778
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.