CVE-2023-40350: XSS
First published: Wed Aug 16 2023(Updated: )
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Docker Swarm | <=1.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-40350.
What is the severity of CVE-2023-40350?
The severity of CVE-2023-40350 is high with a severity value of 7.5.
What is the affected software for CVE-2023-40350?
The affected software for CVE-2023-40350 is Jenkins Docker Swarm Plugin version 1.11 and earlier.
What is the CWE ID for CVE-2023-40350?
The CWE ID for CVE-2023-40350 is CWE-79.
How can I fix CVE-2023-40350?
To fix CVE-2023-40350, you should upgrade to a version of Jenkins Docker Swarm Plugin that is not affected by the vulnerability.
- collector/nvd-api
- collector/nvd-index
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-v9rw-hjr3-426h
- alias/CVE-2023-40350
- collector/github-advisory
- agent/type
- agent/first-publish-date
- agent/references
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/jenkins
- canonical/jenkins docker swarm
- version/jenkins docker swarm/1.11
- package-manager/maven