VDB

CVE-2023-27898

CVE-2023-27898 PUBLISHED

Jenkins LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.

EPSS 2.38% · 85.3th percentile

Risk Scores

EPSS Score
2.38%
85.3th percentile

Affected Products

VendorProductVersions
Bitnamijenkins2.270.0
Bitnamijenkins2.270.0

Exploit Intelligence

…and 1 more exploits

Timeline

  • Mar 8, 2023 CVE Published
  • Mar 9, 2023 EPSS Score
  • Apr 17, 2023 EPSS Score
  • Jul 4, 2023 EPSS Score
  • Aug 12, 2023 EPSS Score
  • Oct 28, 2023 EPSS Score
  • Dec 6, 2023 EPSS Score
  • Jan 14, 2024 EPSS Score
  • Apr 1, 2024 EPSS Score
  • May 10, 2024 EPSS Score
  • Jul 27, 2024 EPSS Score
  • Sep 4, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›