PT-2023-27404 · Jenkins · Jenkins Shortcut Job Plugin+1
Kevin Guerroudj
·
Published
2023-08-16
·
Updated
2023-08-18
·
CVE-2023-40346
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Jenkins Shortcut Job Plugin versions 0.4 and earlier
Description
The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Shortcut Job Plugin does not escape the shortcut redirection URL, making it exploitable by attackers who can configure shortcut jobs. This allows attackers to inject malicious scripts into the system.
Recommendations
For Jenkins Shortcut Job Plugin versions 0.4 and earlier, update to version 0.5 or later, which escapes the shortcut redirection URL and resolves the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Shortcut Job Plugin