CVE-2023-40350

Name of the Vulnerable Software and Affected Versions Jenkins Docker Swarm Plugin versions 1.11 and earlier

Description The issue is related to the Jenkins Docker Swarm Plugin, which does not properly escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by attackers who can control responses from Docker. The vulnerability allows remote attackers to conduct cross-site scripting attacks using a specially crafted link.

Recommendations For Jenkins Docker Swarm Plugin versions 1.11 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Docker Swarm Dashboard view to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved or a patch is available.