CVE-2023-41944

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins/aws-codecommit-trigger

Identifiers

GHSA-g4qf-5523-7wvf, CVE-2023-41944

Package Slug

maven/org.jenkins-ci.plugins/aws-codecommit-trigger

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.

Affected Versions

All versions up to 3.0.12

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-01-31

source