QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2023-25762

Back to search

CVE-2023-25762

Published: Feb 15, 2023

Modified: Mar 19, 2025

PUBLISHED

Description

Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.

VendorProductVersions

Jenkins Project

Jenkins Pipeline: Build Step Plugin

affected
unspecified - <= 2.18

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now