Vulnerability Description
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Maven Repository Server | <= 1.10 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/06/14/5Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3156Vendor Advisory
- http://www.openwall.com/lists/oss-security/2023/06/14/5Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3156Vendor Advisory
FAQ
What is CVE-2023-35143?
CVE-2023-35143 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS...
How severe is CVE-2023-35143?
CVE-2023-35143 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-35143?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Maven Repository Server.