CVE-2023-25761

Summary

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins JUnit Pluginunspecified <= 1166.va_436e268e972affected
Jenkins ProjectJenkins JUnit Plugin1119.1124.va_a_8ccde5658funaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References