PT-2023-25164 · Jenkins · Jenkins Sonargraph Integration Plugin

Alvaro Muñoz

Published 2023-06-14 · Updated 2025-01-02

CVE-2023-35145

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Jenkins Sonargraph Integration Plugin versions 5.0.1 and earlier

Description

The issue is a stored cross-site scripting (XSS) vulnerability. It occurs because the file path and the project name used in the form validation of the Log file field are not correctly escaped before being rendered. The vulnerability can be exploited by attackers with Item/Configure permission.

Recommendations

For Jenkins Sonargraph Integration Plugin versions 5.0.1 and earlier, update to a version that correctly escapes the file path and the project name in the Log file field form validation, which prevents the stored cross-site scripting. As a temporary workaround, consider restricting access to the Log file field form validation for users with Item/Configure permission until a patched version is installed.
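The defect class described above, as an added illustration that is not the plugin's own code: a Jenkins form-validation method that concatenates untrusted field values into an HTML-rendered message, next to the escaped form. The method names, parameter names and message text are assumed for the example.

```java
import hudson.Util;
import hudson.model.Item;
import hudson.util.FormValidation;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;

// Added illustration (not the plugin's code): method names, parameter names
// and message text are assumed. The file-existence logic a real doCheck
// method would perform is omitted; only the message rendering matters here.
public class LogFileValidationExample {

    // Vulnerable pattern: errorWithMarkup() renders its argument as raw HTML,
    // so the untrusted path and project name are interpreted as markup. A user
    // with Item/Configure can save such values in the job configuration, and
    // the payload is rendered for anyone who later opens the configuration page.
    public static FormValidation doCheckLogFileUnsafe(@QueryParameter String logFile,
                                                      @QueryParameter String projectName) {
        return FormValidation.errorWithMarkup(
                "Log file <b>" + logFile + "</b> for project <b>"
                + projectName + "</b> was not found");
    }

    // Hardened pattern: every untrusted value is HTML-escaped with Util.escape()
    // before it reaches the markup. Where no markup is needed at all,
    // FormValidation.error(String) escapes its whole message and is simpler.
    // The Item/Configure check is standard hygiene for doCheck methods; it does
    // not by itself fix the issue, since the attacker holds that permission.
    public static FormValidation doCheckLogFile(@AncestorInPath Item item,
                                                @QueryParameter String logFile,
                                                @QueryParameter String projectName) {
        if (item != null) {
            item.checkPermission(Item.CONFIGURE);
        }
        if (logFile == null || logFile.trim().isEmpty()) {
            return FormValidation.error("Log file path is required");
        }
        return FormValidation.errorWithMarkup(
                "Log file <b>" + Util.escape(logFile) + "</b> for project <b>"
                + Util.escape(projectName) + "</b> was not found");
    }
}
```

Reviewing a plugin for this bug class means locating every *WithMarkup call (and any hand-built HTML) in doCheck methods and confirming each interpolated value is escaped.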

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2023-35145
GHSA-WMXX-2PVR-X7J6

Affected products

Jenkins
Jenkins Sonargraph Integration Plugin