Stored XSS in Jenkins Docker Swarm Plugin 1.11
CVE-2023-40350 Published on August 16, 2023
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
Affected Versions
Jenkins Project Jenkins Docker Swarm Plugin: versions up to and including 1.11 are affected.
Exploit Probability
EPSS: 2.69%
Percentile: 85.71%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.