CVE-2023-40342

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Aug 18, 2023
CWE ID 79

Summary

CVE-2023-40342 is a stored cross-site scripting (XSS) vulnerability affecting the Jenkins Flaky Test Handler Plugin version 1.2.2 and earlier. The issue arises due to the plugin's failure to properly escape JUnit test contents when displaying them on the Jenkins user interface. Attackers who can manipulate the JUnit report file contents can inject malicious scripts, potentially taking control of Jenkins user sessions and executing arbitrary code. This vulnerability poses a significant risk to organizations using the affected plugin and should be addressed promptly by updating to a patched version.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share