GHSA-69vw-3pcm-84rw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-69vw-3pcm-84rw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-69vw-3pcm-84rw/GHSA-69vw-3pcm-84rw.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-69vw-3pcm-84rw
- Aliases
- Published
- 2023-07-26T15:30:57Z
- Modified
- 2023-12-06T00:48:06.896898Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Jenkins Stored Cross-site Scripting vulnerability
- Details
-
Jenkins applies formatting to the console output of builds, transforming plain URLs into hyperlinks. Jenkins 2.415 and earlier, 2.414 and earlier, and LTS 2.401.2 and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. Jenkins 2.416, 2.414.1, and LTS 2.401.3 encodes URLs of affected hyperlink annotations in build logs.
- Database specific
{ "nvd_published_at": "2023-07-26T14:15:10Z", "cwe_ids": [ "CWE-79" ], "severity": "HIGH", "github_reviewed_at": "2023-07-26T22:35:39Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-39151
- https://github.com/jenkinsci/jenkins/commit/1b9f1ccdbb7d00705b036d1332908fe52c2cd7ae
- https://github.com/CVEProject/cvelist/blob/975222d6e43b5b1296dbc8a67d03704a1d2554e8/2023/39xxx/CVE-2023-39151.json
- https://github.com/jenkinsci/jenkins
- https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188
- http://www.openwall.com/lists/oss-security/2023/07/26/2
Affected packages
Maven / org.jenkins-ci.main:jenkins-core
Package
- Name
- org.jenkins-ci.main:jenkins-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.main/jenkins-core
Maven / org.jenkins-ci.main:jenkins-core
Package
- Name
- org.jenkins-ci.main:jenkins-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.main/jenkins-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.401.3
Affected versions
1.*
1.396
1.397
1.398
1.399
1.400
1.401
1.403
1.404
1.405
1.406
1.407
1.408
1.409
1.409.1
1.409.2
1.409.3
1.410
1.411
1.412
1.413
1.414
1.415
1.416
1.417
1.418
1.419
1.420
1.421
1.422
1.423
1.424
1.424.1
1.424.2
1.424.3
1.424.4
1.424.5
1.424.6
1.425
1.426
1.427
1.428
1.429
1.430
1.431
1.432
1.433
1.434
1.435
1.436
1.437
1.438
1.439
1.440
1.441
1.442
1.443
1.444
1.445
1.446
1.447
1.447.1
1.447.2
1.448
1.449
1.450
1.451
1.452
1.453
1.454
1.455
1.456
1.457
1.458
1.459
1.460
1.461
1.462
1.463
1.464
1.465
1.466
1.466.1
1.466.2
1.467
1.468
1.469
1.470
1.471
1.472
1.473
1.474
1.475
1.476
1.477
1.478
1.479
1.480
1.480.1
1.480.2
1.480.3
1.481
1.482
1.483
1.484
1.485
1.486
1.487
1.488
1.489
1.490
1.491
1.492
1.493
1.494
1.495
1.496
1.497
1.498
1.499
1.500
1.501
1.502
1.503
1.504
1.505
1.506
1.507
1.508
1.509
1.509.1
1.509.2
1.509.2.JENKINS-8856-diag
1.509.2.JENKINS-14362-jzlib
1.509.3
1.509.3.JENKINS-14362-jzlib
1.509.4
1.510
1.511
1.512
1.513
1.514
1.515
1.516
1.516.JENKINS-14362-jzlib
1.517
1.518
1.518.JENKINS-14362-jzlib
1.519
1.520
1.521
1.522
1.523
1.524
1.525
1.526
1.527
1.528
1.529
1.530
1.531
1.532
1.532.1
1.532.1.JENKINS-19453
1.532.2
1.532.2.JENKINS-21622-diag
1.532.2.JENKINS-22395-diag
1.532.3
1.532.3.JENKINS-22395
1.532.3.JENKINS-22395-2
1.533
1.534
1.535
1.536
1.537
1.538
1.539
1.540
1.541
1.542
1.543
1.544
1.545
1.546
1.547
1.548
1.549
1.550
1.551
1.552
1.553
1.554
1.554.1
1.554.2
1.554.3
1.554.3.JENKINS-18065-ALLRM-all
1.554.3.JENKINS-18065-JENKINS-23945
1.555
1.556
1.557
1.558
1.559
1.560
1.561
1.562
1.563
1.564
1.565
1.565.1
1.565.1.JENKINS-22395-dropLinks
1.565.2
1.565.3
1.566
1.567
1.568
1.569
1.570
1.571
1.572
1.573
1.574
1.575
1.576
1.577
1.578
1.579
1.580
1.580.1
1.580.2
1.580.3
1.581
1.582
1.583
1.584
1.585
1.586
1.587
1.588
1.589
1.590
1.591
1.592
1.593
1.594
1.595
1.596
1.596.1
1.596.2
1.596.3
1.597
1.598
1.599
1.600
1.601
1.602
1.604
1.605
1.606
1.607
1.608
1.609
1.609.1
1.609.2
1.609.3
1.610
1.611
1.612
1.613
1.614
1.615
1.616
1.617
1.618
1.619
1.620
1.621
1.622
1.623
1.624
1.625
1.625.1
1.625.2
1.625.3
1.626
1.627
1.628
1.629
1.630
1.631
1.632
1.633
1.634
1.635
1.636
1.637
1.638
1.639
1.640
1.641
1.642
1.642.1
1.642.2
1.642.3
1.642.4
1.643
1.644
1.645
1.646
1.647
1.648
1.649
1.650
1.651
1.651.1
1.651.2
1.651.3
1.652
1.653
1.654
1.655
1.656
1.657
1.658
2.*
2.0-alpha-1
2.0-alpha-2
2.0-alpha-3
2.0-alpha-4
2.0-beta-1
2.0-beta-2
2.0-rc-1
2.0
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.7.1
2.7.2
2.7.3
2.7.4
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.19
2.19.1
2.19.2
2.19.3
2.19.4
2.20
2.21
2.22
2.23
2.24
2.25
2.26
2.27
2.28
2.29
2.30
2.31
2.32
2.32.1
2.32.2
2.32.3
2.33
2.34
2.35
2.36
2.37
2.38
2.39
2.40
2.41
2.42
2.43
2.44
2.45
2.46
2.46.1
2.46.2
2.46.3
2.47
2.48
2.49
2.50
2.51
2.52
2.53
2.54
2.55
2.56
2.57
2.58
2.59
2.60
2.60.1
2.60.2
2.60.3
2.61
2.62
2.63
2.64
2.65
2.66
2.67
2.68
2.69
2.70
2.71
2.72
2.73
2.73.1
2.73.2
2.73.3
2.74
2.75
2.76
2.77
2.78
2.79
2.80
2.81
2.82
2.83
2.84
2.85
2.86
2.87
2.88
2.89
2.89.1
2.89.2
2.89.3
2.89.4
2.90
2.91
2.92
2.93
2.94
2.95
2.96
2.97
2.98
2.99
2.100
2.101
2.102
2.103
2.104
2.105
2.106
2.107
2.107.1
2.107.2
2.107.3
2.108
2.109
2.110
2.111
2.112
2.113
2.114
2.115
2.116
2.117
2.118
2.119
2.120
2.121
2.121.1
2.121.2
2.121.3
2.122
2.123
2.124
2.125
2.126
2.127
2.128
2.129
2.130
2.131
2.132
2.133
2.134
2.135
2.136
2.137
2.138
2.138.1
2.138.2
2.138.3
2.138.4
2.140
2.141
2.142
2.143
2.144
2.145
2.146
2.147
2.148
2.149
2.150
2.150.1
2.150.2
2.150.3
2.151
2.152
2.153
2.154
2.155
2.156
2.157
2.158
2.159
2.160
2.161
2.162
2.163
2.164
2.164.1
2.164.2
2.164.3
2.165
2.166
2.167
2.168
2.169
2.170
2.171
2.172
2.173
2.174
2.175
2.176
2.176.1
2.176.2
2.176.3
2.176.4
2.177
2.178
2.179
2.180
2.181
2.182
2.183
2.184
2.185
2.186
2.187
2.189
2.190
2.190.1
2.190.2
2.190.3
2.191
2.192
2.193
2.194
2.195
2.196
2.197
2.198
2.199
2.200
2.201
2.202
2.203
2.204
2.204.1
2.204.2
2.204.3
2.204.4
2.204.5
2.204.6
2.205
2.206
2.207
2.208
2.209
2.210
2.211
2.212
2.213
2.214
2.215
2.216
2.217
2.218
2.219
2.220
2.221
2.222
2.222.1
2.222.3
2.222.4
2.223
2.224
2.225
2.226
2.227
2.228
2.229
2.230
2.231
2.232
2.233
2.234
2.235
2.235.1
2.235.2
2.235.3
2.235.4
2.235.5
2.236
2.237
2.238
2.239
2.240
2.241
2.242
2.243
2.244
2.245
2.246
2.247
2.248
2.249
2.249.1
2.249.2
2.249.3
2.250
2.251
2.252
2.253
2.254
2.255
2.256
2.257
2.258
2.259
2.260
2.261
2.262
2.263
2.263.1
2.263.2
2.263.3
2.263.4
2.264
2.265
2.266
2.267
2.268
2.269
2.270
2.271
2.272
2.273
2.274
2.275
2.276
2.277
2.277.1
2.277.2
2.277.3
2.277.4
2.278
2.279
2.280
2.281
2.282
2.283
2.284
2.285
2.286
2.287
2.288
2.289
2.289.1
2.289.2
2.289.3
2.290
2.291
2.292
2.293
2.294
2.295
2.296
2.297
2.298
2.299
2.300
2.301
2.302
2.303
2.303.1
2.303.2
2.303.3
2.304
2.305
2.306
2.307
2.308
2.309
2.311
2.312
2.313
2.314
2.315
2.316
2.317
2.318
2.319
2.319.1
2.319.2
2.319.3
2.320
2.321
2.322
2.323
2.324
2.325
2.326
2.327
2.328
2.329
2.330
2.331
2.332
2.332.1
2.332.2
2.332.3
2.332.4
2.333
2.334
2.335
2.336
2.337
2.338
2.339
2.340
2.341
2.342
2.343
2.344
2.345
2.346
2.346.1
2.346.2
2.346.3
2.347
2.348
2.349
2.350
2.354
2.355
2.356
2.357
2.358
2.359
2.360
2.361
2.361.1
2.361.2
2.361.3
2.361.4
2.362
2.363
2.364
2.365
2.366
2.367
2.368
2.369
2.370
2.371
2.372
2.373
2.374
2.375
2.375.1
2.375.2
2.375.3
2.375.4
2.376
2.377
2.378
2.379
2.380
2.381
2.382
2.383
2.384
2.385
2.386
2.387
2.387.1
2.387.2
2.387.3
2.388
2.389
2.390
2.391
2.392
2.393
2.394
2.395
2.396
2.397
2.398
2.399
2.400
2.401
2.401.1
2.401.2
Maven / org.jenkins-ci.main:jenkins-core
Package
- Name
- org.jenkins-ci.main:jenkins-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.main/jenkins-core