mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 10:41:43 +00:00
23 lines
1.1 KiB
Markdown
23 lines
1.1 KiB
Markdown
|
### [CVE-2023-27898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27898)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
No PoCs from references.
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/Inplex-sys/CVE-2022-23093
|
||
|
|
- https://github.com/Rajchowdhury420/Secure-or-Break-Jenkins
|
||
|
|
- https://github.com/Threekiii/CVE
|
||
|
|
- https://github.com/gquere/pwn_jenkins
|
||
|
|
- https://github.com/karimhabush/cyberowl
|
||
|
|
|