Jenkins Advisory 2023-03-08: CVE-2023-27905: XSS vulnerability in update-center2

分享
https://www.ishack.org/topic/9526.html/
粉丝

发布于3月6日3月6日

Members

Jenkins Advisory 2023-03-08: CVE-2023-27905: XSS vulnerability in update-center2

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

03/09/2023

Created

03/10/2023

Added

03/09/2023

Modified

01/28/2025

Description

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.

Solution(s)

jenkins-lts-upgrade-2_375_4
jenkins-upgrade-2_394

References

https://attackerkb.com/topics/cve-2023-27905
CVE - 2023-27905
https://jenkins.io/security/advisory/2023-03-08/

查看数 726
已创建 3月6日3月6日
最后回复 3月6日3月6日

https://www.ishack.org/topic/9526.html/

粉丝

转到主题列表

登录

Jenkins Advisory 2023-03-08: CVE-2023-27905: XSS vulnerability in update-center2

recommended_posts

Jenkins Advisory 2023-03-08: CVE-2023-27905: XSS vulnerability in update-center2

Description

Solution(s)

References

欢迎来到红帽社区

社区动态

红龙逆向工具箱2025最新版(ISHACK改良版)

修改底部版权信息

ips4.7升级到5.x版本问题。

IPS Invision Community 经常自动退出登录解决

网站程序安装中文语言包时没有中文选项？Debian中文包

帐户

导航

搜索