CVE-2023-35146
Published: 14 June 2023
Summary
CVE-2023-35146 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Jenkins Template Workflows. Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked in the top 5.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability is a stored cross-site scripting flaw (CWE-79) in the Jenkins Template Workflows Plugin, specifically versions 41.v32d86a_313b_4a and earlier. It stems from insufficient escaping of job names that serve as building blocks for Template Workflow Jobs, allowing malicious input to be persisted and later rendered in other users' browsers.
Attackers with permission to create jobs can exploit the issue by supplying crafted job names. Successful exploitation results in a stored XSS payload that executes in the context of other users, yielding limited impacts on confidentiality and integrity as reflected in the CVSS 5.4 score.
The Jenkins security advisory 2023-06-14 and the associated OpenWall oss-security postings document the flaw under SECURITY-3166 and outline remediation steps for affected installations. The EPSS score has remained flat at 0.1536 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-1708
Vulnerability details
Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
- Input validation rejects script-related content in web inputs that could produce XSS.
- Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.