Skip to main content

Update Center2

1 CVEs product

Monthly

CVE-2023-27905 Maven CRITICAL PATCH Act Now

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Update Center2
NVD
CVSS 3.1
9.6
EPSS
1.5%
EPSS 2% CVSS 9.6
CRITICAL PATCH Act Now

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Update Center2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy