CVE-2023-40350
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-40350 is a stored cross-site scripting (XSS) vulnerability affecting the Jenkins Docker Swarm Plugin version 1.11 and earlier. This issue arises from the plugin's failure to properly escape values obtained from Docker before inserting them into the Docker Swarm Dashboard view. As a result, attackers who can manipulate Docker responses are able to inject malicious scripts, potentially gaining unauthorized access or stealing sensitive information from unsuspecting users. To mitigate this risk, users are advised to upgrade to the latest version of the Jenkins Docker Swarm Plugin or consider implementing other security measures, such as input validation and output encoding techniques.
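The flaw class described above, shown as an added Python illustration that is not the plugin's own code: Docker-supplied strings rendered into a dashboard table with and without output encoding, plus a helper that flags response fields containing markup. The sample response, the table layout and all function names are constructed assumptions for this example.

```python
import html
import json

# Constructed sample of a Docker service listing (not captured from a real daemon).
# The second entry carries markup in its fields, as a manipulated response could.
SAMPLE_RESPONSE = json.dumps([
    {"ID": "svc1", "Spec": {"Name": "build-agent", "Labels": {"team": "ci"}}},
    {"ID": "svc2", "Spec": {"Name": "<img src=x onerror=alert(1)>",
                            "Labels": {"team": "\"><b>x</b>"}}},
])

ROW = "<tr><td>%s</td><td title=\"%s\">%s</td></tr>"


def esc(value):
    """HTML-escape a value for element text or a quoted attribute."""
    return html.escape(str(value), quote=True)


def render_row_unsafe(service):
    """The flawed pattern: Docker-supplied strings placed into HTML as-is."""
    spec = service["Spec"]
    return ROW % (service["ID"], spec["Labels"].get("team", ""), spec["Name"])


def render_row_safe(service):
    """Every Docker-supplied value is escaped at output time."""
    spec = service["Spec"]
    return ROW % (esc(service["ID"]), esc(spec["Labels"].get("team", "")),
                  esc(spec["Name"]))


def suspicious_fields(value, path=""):
    """List the paths of string values that change when HTML-escaped."""
    hits = []
    if isinstance(value, dict):
        for key, item in value.items():
            hits += suspicious_fields(item, "%s.%s" % (path, key))
    elif isinstance(value, list):
        for index, item in enumerate(value):
            hits += suspicious_fields(item, "%s[%d]" % (path, index))
    elif isinstance(value, str) and esc(value) != value:
        hits.append(path)
    return hits


def render_dashboard(raw_json, row=render_row_safe):
    """Render the whole listing as one HTML table using the given row renderer."""
    return "<table>%s</table>" % "".join(row(s) for s in json.loads(raw_json))


if __name__ == "__main__":
    print(render_dashboard(SAMPLE_RESPONSE))
    print(suspicious_fields(json.loads(SAMPLE_RESPONSE)))
```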