CVE-2023-43495 — Vulnetix

CVE-2023-43495 PUBLISHED

Jenkins LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.

EPSS 0.78% · 74.0th percentile

Risk Scores

EPSS Score

0.78%

74.0th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	0
Bitnami	jenkins	0

Timeline

Sep 20, 2023 CVE Published
Sep 20, 2023 PoC Published
Sep 22, 2023 EPSS Score
Sep 23, 2023 CVE Updated
Mar 17, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Mar 25, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 5, 2025 EPSS Score
Apr 8, 2025 EPSS Score

References

http://www.openwall.com/lists/oss-security/2023/09/20/5 url
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 url
https://nvd.nist.gov/vuln/detail/CVE-2023-43495 url

Open in Interactive Console →