CVE-2023-32984: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 16, 2023 (updated May 17, 2023)

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.

References

github.com/advisories/GHSA-h3hg-r97v-5r9w
nvd.nist.gov/vuln/detail/CVE-2023-32984
www.jenkins.io/security/advisory/2023-05-16/

Detect and mitigate CVE-2023-32984 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →