GHSA-9pvw-8q92-hm9w

Source

https://github.com/advisories/GHSA-9pvw-8q92-hm9w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-9pvw-8q92-hm9w/GHSA-9pvw-8q92-hm9w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9pvw-8q92-hm9w

Aliases

CVE-2023-35143

Published

2023-06-14T15:30:37Z

Modified

2024-02-16T08:23:17.353513Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Stored XSS vulnerability in Jenkins Maven Repository Server Plugin

Details

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in pom.xml.

Database specific

{
    "nvd_published_at": "2023-06-14T13:15:11Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2024-01-30T23:12:52Z",
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

Maven / jenkins:repository

Package

Name: jenkins:repository; View open source insights on deps.dev
Purl: pkg:maven/jenkins/repository

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.10

Affected versions

0.*

0.1

0.2

0.3

0.4

0.5

0.6

0.6.1

0.7

0.8

0.9

0.11

1.*

1.0

1.2

1.3

1.7

1.8

1.9

1.10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-9pvw-8q92-hm9w/GHSA-9pvw-8q92-hm9w.json"