Bug 2239937 (CVE-2023-43495) - CVE-2023-43495 jenkins: Stored cross site scripting in ExpandableDetailsNote class
Summary: CVE-2023-43495 jenkins: Stored cross site scripting in ExpandableDetailsNote ...
Keywords:
Status: NEW
Alias: CVE-2023-43495
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Sayan Biswas
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2240098
TreeView+ depends on / blocked
 
Reported: 2023-09-20 21:10 UTC by Pedro Sampaio
Modified: 2024-05-02 18:49 UTC (History)
7 users (show)

Fixed In Version: jenkins 2.424, jenkins LTS 2.414.2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Jenkins weekly and LTS, which are vulnerable to cross-site scripting caused by improper validation of user-supplied input by the caption constructor parameter of ExpandableDetailsNote. This issue could allow a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim's Web browser in the hosting Web site, and then steal the victim's cookie-based authentication credentials.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Pedro Sampaio 2023-09-20 21:10:27 UTC
ExpandableDetailsNote allows annotating build log content with additional information that can be revealed and interacted with.

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide caption parameter values.

As of publication, the related API is not used within Jenkins (core), and the Jenkins security team is not aware of any affected plugins.

Jenkins 2.424, LTS 2.414.2 escapes caption constructor parameter values.

References:

https://www.jenkins.io/security/advisory/2023-09-20/


Note You need to log in before you can comment on or make changes to this bug.