PT-2023-27400 · Jenkins · Jenkins Flaky Test Handler Plugin+1

Andrea Chiera

Published

2023-08-16

Updated

2023-08-18

CVE-2023-40342

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins Flaky Test Handler Plugin versions 1.2.2 and earlier

Description The issue results in a stored cross-site scripting (XSS) vulnerability, which is exploitable by attackers able to control JUnit report file contents. This occurs because the plugin does not escape JUnit test contents when showing them on the Jenkins UI.

Recommendations For Jenkins Flaky Test Handler Plugin versions 1.2.2 and earlier, update to version 1.2.3 or later, which escapes JUnit test contents when showing them on the Jenkins UI, thus resolving the stored cross-site scripting (XSS) vulnerability.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-40342

GHSA-HV48-HGP6-XPQF

Affected Products

Jenkins

Jenkins Flaky Test Handler Plugin

PT-2023-27400 · Jenkins · Jenkins Flaky Test Handler Plugin+1

CVE-2023-40342

Weakness Enumeration

Related Identifiers

Affected Products

References · 11