PT-2023-20285 · Jenkins · Jenkins Junit Plugin+1

Kevin Guerroudj

Publicado

2023-02-15

Atualizado

2025-03-19

CVE-2023-25761

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins JUnit Plugin versions 1166.va 436e268e972 and earlier

Description The issue results from the plugin not escaping test case class names in JavaScript expressions, leading to a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by attackers who can control test case class names in the JUnit resources processed by the plugin.

Recommendations For Jenkins JUnit Plugin versions 1166.va 436e268e972 and earlier, update to a version that escapes test case class names in JavaScript expressions to prevent stored cross-site scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-25761

GHSA-PH74-8RGX-64C5

RHSA-2023:1866

RHSA-2023:3195

RHSA-2023:3198

RHSA-2023:3299

RHSA-2023:6171

RHSA-2023:6172

RHSA-2023:6179

RHSA-2023:7288

RHSA-2024:0775

RHSA-2024:0776

RHSA-2024:0777

RHSA-2024:0778

Produtos afetados

Jenkins

Jenkins Junit Plugin

PT-2023-20285 · Jenkins · Jenkins Junit Plugin+1

CVE-2023-25761

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9