7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-32977

GHSA ID

GHSA-2wvv-phhw-qvmc

EPSS Score

0.73475%

CWE

CWE-79

Published

5/16/2023

Updated

1/4/2024

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-32977

CVE-2023-32977: Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting

Jenkins Pipeline: Job Plugin 1292.v27d8cc3e2602 and earlier does not escape the display name of the build that caused an earlier build to be aborted, when "Do not allow concurrent builds" is set.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

The Jenkins security team is not aware of any plugins that allow the exploitation of this vulnerability, as the build name must be set before the build starts. Pipeline: Job Plugin 1295.v395eb_7400005 escapes the display name of the build that caused an earlier build to be aborted.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-32977

CVE-2023-32977:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-32977

GHSA ID

GHSA-2wvv-phhw-qvmc

EPSS Score

0.73475%

CWE

CWE-79

Published

5/16/2023

Updated

1/4/2024

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins.workflow:workflow-job	maven	< 1295.v395eb	1295.v395eb

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unescaped rendering of build display names in the Jenkins UI. The commit diff shows the vulnerable version used raw EL expression ${it.shortDescription} instead of the Jelly <j:out> tag which auto-escapes HTML. The test case in WorkflowRunTest.java demonstrates this by setting a <script> payload as the display name and verifying no alerts are triggered after patching. The direct output of user-controlled data (build name) without escaping in summary.jelly is the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-32977: Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting

CVE-2023-32977:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

CVE-2023-32977: Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI