CVE-2023-32977

Summary

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Pipeline: Job Plugin1295.v395eb_7400005 < *unaffected
Jenkins ProjectJenkins Pipeline: Job Plugin1289.1291.vb_7c188e7e7df < 1289.*unaffected
Jenkins ProjectJenkins Pipeline: Job Plugin1207.1209.v69351208a_5a_7 < 1207.*unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References