8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-43495

GHSA ID

GHSA-5j46-5hwq-gwh7

EPSS Score

0.69547%

CWE

CWE-79

Published

9/20/2023

Updated

11/12/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-43495

CVE-2023-43495: Jenkins Cross-site Scripting vulnerability

ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with.

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide caption parameter values.

As of publication, the related API is not used within Jenkins (core), and the Jenkins security team is not aware of any affected plugins. Jenkins 2.424, LTS 2.414.2 escapes caption constructor parameter values.

(GitHub Advisory)

8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-43495

GHSA ID

GHSA-5j46-5hwq-gwh7

EPSS Score

0.69547%

CWE

CWE-79

Published

9/20/2023

Updated

11/12/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.main:jenkins-core	maven	>= 2.50, < 2.414.2	2.414.2
org.jenkins-ci.main:jenkins-core	maven	>= 2.415, < 2.424	2.424

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability root cause is explicitly identified in the advisory as unescaped 'caption' parameter in ExpandableDetailsNote's constructor. While no actual patch code is shown, the consistent description across multiple sources indicates the constructor was modified to add HTML escaping. In Java profiling, constructor methods appear as <init>, making hudson.model.ExpandableDetailsNote.<init>(String) the exact vulnerable function signature that would appear when malicious caption values are processed.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`*xp*n***l***t*ilsNot*` *llows *nnot*tin* *uil* lo* *ont*nt wit* ***ition*l in*orm*tion t**t **n ** r*v**l** w**n int*r**t** wit*. J*nkins *.*** *n* **rli*r, LTS *.***.* *n* **rli*r *o*s not *s**p* t** v*lu* o* t** `**ption` *onstru*tor p*r*m*t*r o*

Reasoning

T** vuln*r**ility root **us* is *xpli*itly i**nti*i** in t** **visory *s un*s**p** '**ption' p*r*m*t*r in `*xp*n***l***t*ilsNot*`'s *onstru*tor. W*il* no **tu*l p*t** *o** is s*own, t** *onsist*nt **s*ription **ross multipl* sour**s in*i**t*s t** *on

8

Basic Information

Concerned about an active attack path?

CVE-2023-43495: Jenkins Cross-site Scripting vulnerability

8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI