CVE-2023-35144 — Stored XSS vulnerability in Jenkins Maven Repository Server Plugin

Description

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.

How to fix CVE-2023-35144

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed

Is CVE-2023-35144 being exploited?

Moderate — EPSS is 7.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, <= 1.10

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-35144
WEBwww.jenkins.io/security/advisory/2023-06-14/#SECURITY-2951
WEBwww.openwall.com/lists/oss-security/2023/06/14/5