PT-2023-25165 · Jenkins · Jenkins Template Workflows Plugin

Alvaro Muñoz +1 · Published 2023-06-14 · Updated 2023-06-23 · CVE-2023-35146

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Jenkins Template Workflows Plugin versions 41.v32d86a_313b_4a and earlier

Description
The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape names of jobs used as building blocks for Template Workflow Job. Attackers who can create jobs may exploit this vulnerability.

Recommendations
For Jenkins Template Workflows Plugin versions 41.v32d86a_313b_4a and earlier, consider disabling the Template Workflow Job feature until a patch is available to prevent exploitation of the stored cross-site scripting vulnerability. Restrict access to job creation to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2023-35146
GHSA-62V2-XWH3-5GVX

Affected products

Jenkins
Jenkins Template Workflows Plugin