{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27898", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2023-03-07T09:35:48.506Z", "datePublished": "2023-03-08T17:14:48.437Z", "dateUpdated": "2024-08-02T12:23:30.482Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Jenkins", "vendor": "Jenkins Project", "versions": [{"changes": [{"at": "2.375.4", "status": "unaffected"}, {"at": "2.376", "status": "affected"}, {"at": "2.387.1", "status": "unaffected"}, {"at": "2.388", "status": "affected"}, {"at": "2.394", "status": "unaffected"}], "lessThan": "2.*", "status": "affected", "version": "2.270", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T12:49:02.967Z"}, "references": [{"name": "Jenkins Security Advisory 2023-03-08", "tags": ["vendor-advisory"], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:23:30.482Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2023-03-08", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "C866B7BB-0E83-4962-BA8A-26132E657778", "versionEndExcluding": "2.394", "versionStartIncluding": "2.270", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "FE2DDC0F-D71A-4825-A72E-CE59553415AC", "versionEndExcluding": "2.375.4", "versionStartIncluding": "2.277.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances."}], "id": "CVE-2023-27898", "lastModified": "2024-11-21T07:53:39.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-10T21:15:15.403", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:3663", "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8", "package": "jenkins-0:2.401.1.1686831596-3.el8", "product_name": "OpenShift Developer Tools and Services for OCP 4.11", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:1655", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "jenkins-0:2.387.1.1680701869-1.el8", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2023-04-12T00:00:00Z"}], "bugzilla": {"description": "Jenkins: XSS vulnerability in plugin manager", "id": "2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-79", "details": ["Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances."], "name": "CVE-2023-27898", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "jenkins", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2023-03-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-27898\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-27898\nhttps://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037"], "statement": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "threat_severity": "Important", "upstream_fix": "LTS 2.375.4, LTS 2.387.1, Jenkins 2.394"}