Back to search
CVE-2023-27898
Published: Mar 8, 2023
Modified: Feb 28, 2025
PUBLISHED
Description
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
| Vendor | Product | Versions |
|---|---|---|
Jenkins Project | Jenkins | affected 2.270 - < 2.* |
References
Jenkins Security Advisory 2023-03-08
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now