VDB
CVE-2023-27898
PUBLISHED
Jenkins LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
Risk Scores
EPSS Score: 2.38% (85.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 2.270.0 |
Exploit Intelligence
- Jenkins Security Advisory 2023-03-08 (circl)
- 2164.html (github-poc)
…and 1 more exploit
Timeline
- Mar 8, 2023 CVE Published
- Mar 9, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- Jul 4, 2023 EPSS Score
- Aug 12, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
- Dec 6, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Apr 1, 2024 EPSS Score
- May 10, 2024 EPSS Score
- Jul 27, 2024 EPSS Score
- Sep 4, 2024 EPSS Score