Security Advisory

CVE-2023-43495

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-20 16:06:09
Last updated 2024-09-24 18:51:56
Assigner jenkins
State PUBLISHED

Description

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.