GHSA-v9rw-hjr3-426h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v9rw-hjr3-426h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-v9rw-hjr3-426h/GHSA-v9rw-hjr3-426h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v9rw-hjr3-426h
- Aliases
-
- CVE-2023-40350
- Published
- 2023-08-16T15:30:18Z
- Modified
- 2024-02-16T08:23:30.340742Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
- Details
-
Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view.
Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
As of publication of this advisory, there is no fix.
- Database specific
{ "nvd_published_at": "2023-08-16T15:15:12Z", "cwe_ids": [ "CWE-79" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-08-16T21:05:21Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:docker-swarm
Package
- Name
- org.jenkins-ci.plugins:docker-swarm
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/docker-swarm