CVE-2023-35144

Name of the Vulnerable Software and Affected Versions Jenkins Maven Repository Server Plugin versions 1.10 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape project and build display names on the Build Artifacts As Maven Repository page. This allows for the storage of malicious scripts that can be executed when the page is viewed.

Recommendations For Jenkins Maven Repository Server Plugin versions 1.10 and earlier, update to a version later than 1.10 to resolve the issue. As a temporary workaround, consider restricting access to the Build Artifacts As Maven Repository page to minimize the risk of exploitation.