CVE-2023-32977 - Vulnerability Details - OpenCVE

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Jenkins	Pipeline\
Redhat	Ocp Tools Openshift

Configuration 1 [-]

cpe:2.3:a:jenkins:pipeline\:_job:*:*:*:*:*:jenkins:*:*

Package	CPE	Advisory	Released Date
OCP-Tools-4.12-RHEL-8
jenkins-2-plugins-0:4.12.1686649756-1.el8	cpe:/a:redhat:ocp_tools:4.12::el8	RHSA-2023:3610	2023-06-15T00:00:00Z
OpenShift Developer Tools and Services for OCP 4.11
jenkins-2-plugins-0:4.11.1686831822-1.el8	cpe:/a:redhat:ocp_tools:4.11::el8	RHSA-2023:3663	2023-06-19T00:00:00Z
Red Hat OpenShift Container Platform 4.10
jenkins-2-plugins-0:4.10.1685679861-1.el8	cpe:/a:redhat:openshift:4.10::el8	RHSA-2023:3625	2023-06-23T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2023-32977
https://www.cve.org/CVERecord?id=CVE-2023-32977
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042

History

Thu, 23 Jan 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2023-05-16T15:59:58.835Z

Updated: 2025-01-23T16:06:00.914Z

Reserved: 2023-05-16T10:55:43.517Z

Link: CVE-2023-32977

Vulnrichment

Updated: 2024-08-02T15:32:46.593Z

NVD

Status : Modified

Published: 2023-05-16T16:15:10.507

Modified: 2025-01-23T16:15:29.433

Link: CVE-2023-32977

Redhat

Severity : Important

Publid Date: 2023-05-16T00:00:00Z

Links: CVE-2023-32977 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32977", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2023-05-16T10:55:43.517Z", "datePublished": "2023-05-16T15:59:58.835Z", "dateUpdated": "2025-01-23T16:06:00.914Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Jenkins Pipeline: Job Plugin", "vendor": "Jenkins Project", "versions": [{"lessThan": "*", "status": "unaffected", "version": "1295.v395eb_7400005", "versionType": "maven"}, {"lessThan": "1289.*", "status": "unaffected", "version": "1289.1291.vb_7c188e7e7df", "versionType": "maven"}, {"lessThan": "1207.*", "status": "unaffected", "version": "1207.1209.v69351208a_5a_7", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T12:49:56.591Z"}, "references": [{"name": "Jenkins Security Advisory 2023-05-16", "tags": ["vendor-advisory"], "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:32:46.593Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2023-05-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-23T16:05:56.614369Z", "id": "CVE-2023-32977", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-23T16:06:00.914Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", "name": "Jenkins Security Advisory 2023-05-16", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:32:46.593Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-32977", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-23T16:05:56.614369Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-23T16:05:41.313Z"}}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins Pipeline: Job Plugin", "versions": [{"status": "unaffected", "version": "1295.v395eb_7400005", "lessThan": "*", "versionType": "maven"}, {"status": "unaffected", "version": "1289.1291.vb_7c188e7e7df", "lessThan": "1289.*", "versionType": "maven"}, {"status": "unaffected", "version": "1207.1209.v69351208a_5a_7", "lessThan": "1207.*", "versionType": "maven"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", "name": "Jenkins Security Advisory 2023-05-16", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T12:49:56.591Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32977", "state": "PUBLISHED", "dateUpdated": "2025-01-23T16:06:00.914Z", "dateReserved": "2023-05-16T10:55:43.517Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2023-05-16T15:59:58.835Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:pipeline\\:_job:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "7CBFC105-D5D1-4B90-A8A5-C254F3AF73BC", "versionEndIncluding": "1292.v27d8cc3e2602", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately."}], "id": "CVE-2023-32977", "lastModified": "2025-01-23T16:15:29.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-16T16:15:10.507", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:3610", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-2-plugins-0:4.12.1686649756-1.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2023-06-15T00:00:00Z"}, {"advisory": "RHSA-2023:3663", "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8", "package": "jenkins-2-plugins-0:4.11.1686831822-1.el8", "product_name": "OpenShift Developer Tools and Services for OCP 4.11", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3625", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "jenkins-2-plugins-0:4.10.1685679861-1.el8", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-06-23T00:00:00Z"}], "bugzilla": {"description": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", "id": "2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-79", "details": ["Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.", "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."], "name": "CVE-2023-32977", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2023-05-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-32977\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32977\nhttps://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"], "statement": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won'tfix.", "threat_severity": "Important"}