CVE-2023-35141
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins Project | Jenkins | 2.400 < * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
- http://www.openwall.com/lists/oss-security/2023/06/14/5
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135
- http://www.openwall.com/lists/oss-security/2023/06/14/5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.