CVE-2023-4303: HTML injection vulnerability in Fortify Plugin
First published: Mon Aug 21 2023(Updated: )
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Credit: security@opentext.com security@opentext.com security@opentext.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Fortify | <22.2.39 | |
| maven/org.jenkins-ci.plugins:fortify | <=22.1.38 | 22.2.39 |
| <22.2.39 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-4303?
The severity of CVE-2023-4303 is medium with a CVSS score of 6.1.
What is the vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier?
The vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier is an HTML injection vulnerability.
How does Jenkins Fortify Plugin 22.2.39 fix the vulnerability?
Jenkins Fortify Plugin 22.2.39 fixes the vulnerability by removing HTML tags from the error message.
Where can I find more information about CVE-2023-4303?
You can find more information about CVE-2023-4303 on the Jenkins security advisory, NVD, and GitHub.
What is the CWE category of CVE-2023-4303?
The CWE category of CVE-2023-4303 is CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-223m-pgcq-f3xg
- alias/CVE-2023-4303
- collector/nvd-cve
- collector/github-advisory
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/title
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/jenkins
- canonical/jenkins fortify
- package-manager/maven