CVE-2023-35143

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jun 14, 2023

Updated: Jun 23, 2023

CWE ID 79

Summary

CVE-2023-35143 is a stored cross-site scripting (XSS) vulnerability affecting the Jenkins Maven Repository Server Plugin version 1.10 and earlier. This issue arises due to the plugin's failure to properly escape versions of build artifacts displayed on the Build Artifacts As Maven Repository page. An attacker who can manipulate `pom.xml` files in maven projects can exploit this vulnerability by injecting malicious scripts, potentially leading to unauthorized access or data theft within Jenkins environments.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rozIC2
https://www.cve.org/CVERecord?id=CVE-2023-35143
https://nvd.nist.gov/vuln/detail/CVE-2023-35143

Back to Vulnerability Database

CVE-2023-35143

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations