CVE-2023-27898

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-27898

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27898.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-27898

Aliases

Related

Published

2023-03-10T21:15:15Z

Modified

2024-09-03T04:27:08.517167Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.

References

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/jenkins
Events: Introduced

ccd7bc3c3f436dbe8a4b382110725b3ebe220dfc

Fixed

2fe98001f3ab22c36fe3911253a1e7be658222c4

Affected versions

jenkins-2.*

jenkins-2.270

jenkins-2.271

jenkins-2.272

jenkins-2.273

jenkins-2.274

jenkins-2.275

jenkins-2.276

jenkins-2.277

jenkins-2.278

jenkins-2.279

jenkins-2.280

jenkins-2.281

jenkins-2.282

jenkins-2.283

jenkins-2.284

jenkins-2.285

jenkins-2.286

jenkins-2.287

jenkins-2.288

jenkins-2.289

jenkins-2.290

jenkins-2.291

jenkins-2.292

jenkins-2.293

jenkins-2.294

jenkins-2.295

jenkins-2.296

jenkins-2.297

jenkins-2.298

jenkins-2.299

jenkins-2.300

jenkins-2.301

jenkins-2.302

jenkins-2.303

jenkins-2.304

jenkins-2.305

jenkins-2.306

jenkins-2.307

jenkins-2.308

jenkins-2.309

jenkins-2.310

jenkins-2.311

jenkins-2.312

jenkins-2.313

jenkins-2.314

jenkins-2.315

jenkins-2.316

jenkins-2.317

jenkins-2.318

jenkins-2.319

jenkins-2.320

jenkins-2.321

jenkins-2.322

jenkins-2.323

jenkins-2.324

jenkins-2.325

jenkins-2.326

jenkins-2.327

jenkins-2.328

jenkins-2.329

jenkins-2.330

jenkins-2.331

jenkins-2.332

jenkins-2.333

jenkins-2.334

jenkins-2.335

jenkins-2.336

jenkins-2.337

jenkins-2.338

jenkins-2.339

jenkins-2.340

jenkins-2.341

jenkins-2.342

jenkins-2.343

jenkins-2.344

jenkins-2.345

jenkins-2.346

jenkins-2.347

jenkins-2.348

jenkins-2.349

jenkins-2.350

jenkins-2.351

jenkins-2.352

jenkins-2.353

jenkins-2.354

jenkins-2.355

jenkins-2.356

jenkins-2.357

jenkins-2.358

jenkins-2.359

jenkins-2.360

jenkins-2.361

jenkins-2.362

jenkins-2.363

jenkins-2.364

jenkins-2.365

jenkins-2.366

jenkins-2.367

jenkins-2.368

jenkins-2.369

jenkins-2.370

jenkins-2.371

jenkins-2.372

jenkins-2.373

jenkins-2.374

jenkins-2.375

jenkins-2.376

jenkins-2.377

jenkins-2.378

jenkins-2.379

jenkins-2.380

jenkins-2.381

jenkins-2.382

jenkins-2.383

jenkins-2.384

jenkins-2.385

jenkins-2.386

jenkins-2.387

jenkins-2.388

jenkins-2.389

jenkins-2.390

jenkins-2.391

jenkins-2.392

jenkins-2.393