CVE-2023-43495
20.09.2023, 17:15
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.
| Vendor | Product | Version |
|---|---|---|
| jenkins | jenkins | 𝑥 < 2.414.2 |
| jenkins | jenkins | 𝑥 < 2.424 |
𝑥
= Vulnerable software versions