Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2023-39151
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.
| Software | From | Fixed in |
|---|---|---|
org.jenkins-ci.main / jenkins-core
|
- | 2.401.3 |
| jenkins / jenkins | - | 2.415.x |
| jenkins / jenkins | - | 2.401.2.x |
|
org.jenkins-ci.main / jenkins-core
|
2.415 | 2.415.x |
|
org.jenkins-ci.main / jenkins-core
|
2.415 | 2.416 |
|
org.jenkins-ci.main / jenkins-core
|
2.402 | 2.414.1 |
- http://www.openwall.com/lists/oss-security/2023/07/26/2
- https://github.com/CVEProject/cvelist/blob/975222d6e43b5b1296dbc8a67d03704a1d2554e8/2023/39xxx/CVE-2023-39151.json
- https://github.com/jenkinsci/jenkins/commit/1b9f1ccdbb7d00705b036d1332908fe52c2cd7ae
- https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188