CVE-2023-35141 — HIGH (8.0)

Q: How severe is CVE-2023-35141?

CVE-2023-35141 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-35141?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.

Vulnerability Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jenkins	Jenkins	< 2.400

Related Weaknesses (CWE)

CWE-352

References

http://www.openwall.com/lists/oss-security/2023/06/14/5Mailing ListThird Party Advisory
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/06/14/5Mailing ListThird Party Advisory
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3135Vendor Advisory

FAQ

What is CVE-2023-35141?

CVE-2023-35141 is a vulnerability with a CVSS score of 8.0 (HIGH). In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a v...

How severe is CVE-2023-35141?

CVE-2023-35141 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-35141?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.