PT-2023-24117 · Jenkins · Jenkins Testng Results Plugin+1

Valdes Che Zogou · Published 2023-05-16 · Updated 2023-05-25 · CVE-2023-32984

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins TestNG Results Plugin versions 730.v4c5283037693 and earlier

Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape several values parsed from TestNG report files and displayed on the plugin's test information pages. This makes it exploitable by attackers who can provide a crafted TestNG report file.

Recommendations: For Jenkins TestNG Results Plugin versions 730.v4c5283037693 and earlier, update to version 730.732.v959a_3a_a_eb_a_72 or later, which escapes the affected values that are parsed from TestNG report files.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-32984
GHSA-H3HG-R97V-5R9W

Affected Products

Jenkins
Jenkins Testng Results Plugin