PT-2023-25162 · Jenkins · Jenkins Maven Repository Server Plugin

Published

2023-06-14

·

Updated

2025-01-02

·

CVE-2023-35143

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Jenkins Maven Repository Server Plugin versions 1.10 and earlier

Description

The plugin does not escape the versions of build artifacts shown on the Build Artifacts As Maven Repository page, which results in a stored cross-site scripting (XSS) vulnerability. Attackers who can control Maven project versions in pom.xml can exploit it.

Recommendations

For Jenkins Maven Repository Server Plugin versions 1.10 and earlier, update to a version later than 1.10 to resolve the issue. As a temporary workaround, consider restricting access to the Build Artifacts As Maven Repository page to minimize the risk of exploitation. Avoid using untrusted Maven project versions in pom.xml until the issue is resolved.
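As an added, defender-side example (not part of this advisory or of the plugin), a pre-merge check that parses a pom.xml and flags a project version containing HTML-significant characters, the kind of value the unpatched page would render unescaped; the allowed character set and the sample POMs are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional

# Real Maven POM namespace; the project version is normally the root
# <version>, falling back to <parent><version> when it is absent.
POM_NS = "http://maven.apache.org/POM/4.0.0"

# Assumption: a "safe" version uses only these characters, none of which
# can open or close an HTML tag or attribute when rendered unescaped.
SAFE_VERSION = re.compile(r"^[A-Za-z0-9._+-]+$")


def _find(parent: ET.Element, tag: str) -> Optional[ET.Element]:
    """Look up a child by tag, tolerating namespaced and plain POMs."""
    el = parent.find(f"{{{POM_NS}}}{tag}")
    return el if el is not None else parent.find(tag)


def project_version(pom_xml: str) -> Optional[str]:
    """Return the effective project version declared in a pom.xml string."""
    root = ET.fromstring(pom_xml)
    version = _find(root, "version")
    if version is None:
        parent = _find(root, "parent")
        if parent is not None:
            version = _find(parent, "version")
    if version is None or not version.text:
        return None
    return version.text.strip()


def check_version(pom_xml: str) -> dict:
    """Classify the version: 'ok', 'unsafe' (HTML-significant chars) or 'missing'."""
    version = project_version(pom_xml)
    if version is None:
        return {"version": None, "status": "missing"}
    return {"version": version, "status": "ok" if SAFE_VERSION.match(version) else "unsafe"}


# Constructed sample POMs. Note that markup characters reach the version
# through XML entities: "&lt;b&gt;" in the file decodes to "<b>".
SAFE_POM = f'<project xmlns="{POM_NS}"><version>1.4.2-SNAPSHOT</version></project>'
UNSAFE_POM = f'<project xmlns="{POM_NS}"><version>1.0-&lt;b&gt;rc1&lt;/b&gt;</version></project>'
PARENT_POM = "<project><parent><version>2.0.0</version></parent></project>"

if __name__ == "__main__":
    for pom in (SAFE_POM, UNSAFE_POM, PARENT_POM):
        print(check_version(pom))
```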

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-35143
GHSA-9PVW-8Q92-HM9W

Affected Products

Jenkins
Jenkins Maven Repository Server Plugin