CVE-2023-41944

Name of the Vulnerable Software and Affected Versions Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier

Description The issue is related to an HTML injection vulnerability. It occurs when the queue name parameter passed to a form validation URL is not escaped, resulting in the vulnerability when rendering an error message.

Recommendations For versions 3.0.12 and earlier, update to a version later than 3.0.12 to resolve the issue. As a temporary workaround, consider restricting access to the form validation URL to minimize the risk of exploitation.