CVE-2023-32977

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins.workflow/workflow-job

Identifiers

GHSA-2wvv-phhw-qvmc, CVE-2023-32977

Package Slug

maven/org.jenkins-ci.plugins.workflow/workflow-job

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

Affected Versions

All versions before 1295.v395eb

Solution

Upgrade to version 1295.v395eb or above.

Last Modified

2023-05-17
