CVE-2023-40342
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-40342 is a stored cross-site scripting (XSS) vulnerability affecting the Jenkins Flaky Test Handler Plugin version 1.2.2 and earlier. The issue arises due to the plugin's failure to properly escape JUnit test contents when displaying them on the Jenkins user interface. Attackers who can manipulate the JUnit report file contents can inject malicious scripts, potentially taking control of Jenkins user sessions and executing arbitrary code. This vulnerability poses a significant risk to organizations using the affected plugin and should be addressed promptly by updating to a patched version.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.