PT-2025-21238 · Cloudbees+1 · Jenkins Health Advisor By Cloudbees Plugin+1
Daniel Beck · Published 2025-05-14 · Updated 2025-06-12 · CVE-2025-47885
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Jenkins Health Advisor by CloudBees Plugin versions 374.v194b d4f0c8c8 and earlier
Description:
The plugin does not escape responses from the Jenkins Health Advisor server, which results in a stored cross-site scripting (XSS) vulnerability. It is exploitable by attackers who can control these responses.
Recommendations:
If you run version 374.v194b d4f0c8c8 or earlier, update to a version that properly escapes responses from the Jenkins Health Advisor server to prevent stored XSS attacks.
Fix
XSS
Affected Products
Jenkins
Jenkins Health Advisor By Cloudbees Plugin