CVE-2023-27898

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-27898
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-27898.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-27898
Aliases
Related
Published
2023-03-10T21:15:15Z
Modified
2024-10-12T10:48:34.169705Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

Jenkins 2.270 through 2.393 (both inclusive) and LTS 2.277.1 through 2.375.3 (both inclusive) do not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/jenkins
Events

Affected versions

jenkins-2.*

jenkins-2.270
jenkins-2.271
jenkins-2.272
jenkins-2.273
jenkins-2.274
jenkins-2.275
jenkins-2.276
jenkins-2.277
jenkins-2.278
jenkins-2.279
jenkins-2.280
jenkins-2.281
jenkins-2.282
jenkins-2.283
jenkins-2.284
jenkins-2.285
jenkins-2.286
jenkins-2.287
jenkins-2.288
jenkins-2.289
jenkins-2.290
jenkins-2.291
jenkins-2.292
jenkins-2.293
jenkins-2.294
jenkins-2.295
jenkins-2.296
jenkins-2.297
jenkins-2.298
jenkins-2.299
jenkins-2.300
jenkins-2.301
jenkins-2.302
jenkins-2.303
jenkins-2.304
jenkins-2.305
jenkins-2.306
jenkins-2.307
jenkins-2.308
jenkins-2.309
jenkins-2.310
jenkins-2.311
jenkins-2.312
jenkins-2.313
jenkins-2.314
jenkins-2.315
jenkins-2.316
jenkins-2.317
jenkins-2.318
jenkins-2.319
jenkins-2.320
jenkins-2.321
jenkins-2.322
jenkins-2.323
jenkins-2.324
jenkins-2.325
jenkins-2.326
jenkins-2.327
jenkins-2.328
jenkins-2.329
jenkins-2.330
jenkins-2.331
jenkins-2.332
jenkins-2.333
jenkins-2.334
jenkins-2.335
jenkins-2.336
jenkins-2.337
jenkins-2.338
jenkins-2.339
jenkins-2.340
jenkins-2.341
jenkins-2.342
jenkins-2.343
jenkins-2.344
jenkins-2.345
jenkins-2.346
jenkins-2.347
jenkins-2.348
jenkins-2.349
jenkins-2.350
jenkins-2.351
jenkins-2.352
jenkins-2.353
jenkins-2.354
jenkins-2.355
jenkins-2.356
jenkins-2.357
jenkins-2.358
jenkins-2.359
jenkins-2.360
jenkins-2.361
jenkins-2.362
jenkins-2.363
jenkins-2.364
jenkins-2.365
jenkins-2.366
jenkins-2.367
jenkins-2.368
jenkins-2.369
jenkins-2.370
jenkins-2.371
jenkins-2.372
jenkins-2.373
jenkins-2.374
jenkins-2.375
jenkins-2.376
jenkins-2.377
jenkins-2.378
jenkins-2.379
jenkins-2.380
jenkins-2.381
jenkins-2.382
jenkins-2.383
jenkins-2.384
jenkins-2.385
jenkins-2.386
jenkins-2.387
jenkins-2.388
jenkins-2.389
jenkins-2.390
jenkins-2.391
jenkins-2.392
jenkins-2.393