CVE-2023-46650

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Plugin versions 1.37.3 and earlier

Description The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the GitHub project URL on the build page is not properly escaped when showing changes. Attackers with Item/Configure permission can exploit this vulnerability.

Recommendations For Jenkins GitHub Plugin versions 1.37.3 and earlier, update to version 1.37.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the build page for users with Item/Configure permission until the update is applied.