CVE-2023-27898
- Source
- https://cve.org/CVERecord?id=CVE-2023-27898
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-27898.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-27898
- Aliases
- Downstream
- Related
- Published
- 2023-03-10T21:15:15.403Z
- Modified
- 2026-04-12T06:37:43.798522Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
- References
Affected packages
Git / github.com/jenkinsci/jenkins
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/jenkins
- Events
- Database specific
{ "source": "CPE_FIELD", "cpe": [ "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" ], "extracted_events": [ { "introduced": "2.270" }, { "fixed": "2.394" }, { "introduced": "2.277.1" }, { "fixed": "2.375.4" } ] }
Affected versions
jenkins-2.*
jenkins-2.270
jenkins-2.271
jenkins-2.272
jenkins-2.273
jenkins-2.274
jenkins-2.276
jenkins-2.277
jenkins-2.278
jenkins-2.279
jenkins-2.280
jenkins-2.281
jenkins-2.282
jenkins-2.283
jenkins-2.284
jenkins-2.285
jenkins-2.286
jenkins-2.287
jenkins-2.288
jenkins-2.289
jenkins-2.290
jenkins-2.291
jenkins-2.292
jenkins-2.293
jenkins-2.294
jenkins-2.295
jenkins-2.296
jenkins-2.297
jenkins-2.298
jenkins-2.299
jenkins-2.301
jenkins-2.302
jenkins-2.303
jenkins-2.304
jenkins-2.305
jenkins-2.306
jenkins-2.307
jenkins-2.308
jenkins-2.309
jenkins-2.310
jenkins-2.311
jenkins-2.312
jenkins-2.313
jenkins-2.314
jenkins-2.316
jenkins-2.317
jenkins-2.318
jenkins-2.319
jenkins-2.320
jenkins-2.321
jenkins-2.322
jenkins-2.323
jenkins-2.324
jenkins-2.325
jenkins-2.326
jenkins-2.327
jenkins-2.328
jenkins-2.329
jenkins-2.330
jenkins-2.331
jenkins-2.332
jenkins-2.333
jenkins-2.334
jenkins-2.335
jenkins-2.336
jenkins-2.337
jenkins-2.338
jenkins-2.339
jenkins-2.340
jenkins-2.341
jenkins-2.342
jenkins-2.343
jenkins-2.344
jenkins-2.345
jenkins-2.346
jenkins-2.347
jenkins-2.348
jenkins-2.349
jenkins-2.350
jenkins-2.351
jenkins-2.352
jenkins-2.353
jenkins-2.354
jenkins-2.355
jenkins-2.356
jenkins-2.357
jenkins-2.358
jenkins-2.359
jenkins-2.360
jenkins-2.361
jenkins-2.362
jenkins-2.363
jenkins-2.364
jenkins-2.365
jenkins-2.366
jenkins-2.367
jenkins-2.368
jenkins-2.369
jenkins-2.371
jenkins-2.372
jenkins-2.373
jenkins-2.374
jenkins-2.375
jenkins-2.375.1
jenkins-2.375.1-rc
jenkins-2.375.2
jenkins-2.375.2-rc
jenkins-2.375.3
jenkins-2.375.3-rc
jenkins-2.376
jenkins-2.377
jenkins-2.378
jenkins-2.379
jenkins-2.380
jenkins-2.381
jenkins-2.382
jenkins-2.383
jenkins-2.384
jenkins-2.385
jenkins-2.386
jenkins-2.387
jenkins-2.388
jenkins-2.389
jenkins-2.390
jenkins-2.391
jenkins-2.392
jenkins-2.393