Jenkins Fortify Plugin 22.1.38: HTML Injection via Unescaped Error Message
CVE-2023-4303 Published on August 21, 2023
HTML injection vulnerability in Fortify Plugin
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Vulnerability Analysis
CVE-2023-4303 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-4303 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-4303
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-4303 are published in Jenkins Fortify:
Affected Versions
Jenkins Project Jenkins Fortify Plugin:- Before and including 22.1.38 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.