CVE-2023-32984

MEDIUM5.4EPSS 17.4%

Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability

Published: 5/16/2023Modified: 2/16/2024

Description

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file. TestNG Results Plugin 730.732.v959a_3a_a_eb_a_72 escapes the affected values that are parsed from TestNG report files.

Affected packages (1)

Maven/org.jenkins-ci.plugins:testng-pluginfrom 0, < 730.732.v959a

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-32984
WEBhttps://github.com/jenkinsci/testng-plugin-plugin/commit/5f3d83ca56c0657fc09af7ea70cfbdd691adeaab
WEBhttps://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3047