CVE-2023-28669

Name of the Vulnerable Software and Affected Versions Jenkins JaCoCo Plugin versions 3.3.2 and earlier

Description The issue is a stored cross-site scripting (XSS) vulnerability. It occurs because class and method names shown on the UI are not escaped, allowing attackers who can control input files for the 'Record JaCoCo coverage report' post-build action to exploit this vulnerability.

Recommendations For versions 3.3.2 and earlier, update to version 3.3.2.1 or later, which escapes class and method names shown on the UI, addressing the stored cross-site scripting (XSS) vulnerability.