CVE-2023-40350

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Aug 18, 2023
CWE ID 79

Summary

CVE-2023-40350 is a stored cross-site scripting (XSS) vulnerability affecting the Jenkins Docker Swarm Plugin version 1.11 and earlier. This issue arises from the plugin's failure to properly escape values obtained from Docker before inserting them into the Docker Swarm Dashboard view. As a result, attackers who can manipulate Docker responses are able to inject malicious scripts, potentially gaining unauthorized access or stealing sensitive information from unsuspecting users. To mitigate this risk, users are advised to upgrade to the latest version of the Jenkins Docker Swarm Plugin or consider implementing other security measures, such as input validation and output encoding techniques.
