CVE-2023-4303: Jenkins Fortify Plugin HTML injection vulnerability

August 21, 2023 (updated August 24, 2023)

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.

References

github.com/advisories/GHSA-223m-pgcq-f3xg
github.com/jenkinsci/fortify-plugin/commit/357d7bfbcb0ff796ea7d078bee13159f1d000f5d
nvd.nist.gov/vuln/detail/CVE-2023-4303
www.jenkins.io/security/advisory/2023-08-16/

Detect and mitigate CVE-2023-4303 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →