Vulnerability in Jenkins Project Pipeline: Build Step Plugin
CVE-2023-25762
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able…
EPSS: 0.653 (98.5th percentile)
Affected products
- Jenkins Project Pipeline: Build Step Plugin — versions unspecified
Frequently asked questions
- What is CVE-2023-25762?
- CVE-2023-25762 is a vulnerability in Jenkins Project Pipeline: Build Step Plugin. Published 2023-02-15.
- Is CVE-2023-25762 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.