PT-2023-27400 · Jenkins · Jenkins Flaky Test Handler Plugin+1

Andrea Chiera

Publicado

2023-08-16

Atualizado

2023-08-18

CVE-2023-40342

CVSS v3.1

8.0

Alta

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins Flaky Test Handler Plugin versions 1.2.2 and earlier

Description The issue results in a stored cross-site scripting (XSS) vulnerability, which is exploitable by attackers able to control JUnit report file contents. This occurs because the plugin does not escape JUnit test contents when showing them on the Jenkins UI.

Recommendations For Jenkins Flaky Test Handler Plugin versions 1.2.2 and earlier, update to version 1.2.3 or later, which escapes JUnit test contents when showing them on the Jenkins UI, thus resolving the stored cross-site scripting (XSS) vulnerability.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-40342

GHSA-HV48-HGP6-XPQF

Produtos afetados

Jenkins

Jenkins Flaky Test Handler Plugin

PT-2023-27400 · Jenkins · Jenkins Flaky Test Handler Plugin+1

CVE-2023-40342

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11