CVE-2023-46659: XSS
First published: Wed Oct 25 2023(Updated: )
Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Edgewall Trac | <=1.13 | |
| maven/org.jenkins-ci.plugins:trac | <=1.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Jenkins Edgewall Trac Plugin vulnerability?
The vulnerability ID is CVE-2023-46659.
What is the severity of CVE-2023-46659?
The severity of CVE-2023-46659 is medium.
What is the affected software for CVE-2023-46659?
The affected software is Jenkins Edgewall Trac Plugin version 1.13 and earlier.
What is the CWE ID for CVE-2023-46659?
The CWE ID for CVE-2023-46659 is CWE-79.
How can I fix the Jenkins Edgewall Trac Plugin vulnerability (CVE-2023-46659)?
To fix the vulnerability, update to Jenkins Edgewall Trac Plugin version 1.14 or later.
- collector/nvd-api
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-jwx3-2hq3-682c
- alias/CVE-2023-46659
- collector/github-advisory
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins edgewall trac
- version/jenkins edgewall trac/1.13
- package-manager/maven