CVE-2023-40342: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

August 16, 2023 (updated August 18, 2023)

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

References

www.openwall.com/lists/oss-security/2023/08/16/3
nvd.nist.gov/vuln/detail/CVE-2023-40342
www.jenkins.io/security/advisory/2023-08-16/

Detect and mitigate CVE-2023-40342 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →