CVE-2023-40350
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2023-40350. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
Available Exploits
Related News
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
GHSA-v9rw-hjr3-426hAdvisory Details
Affected Packages
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: August 16, 2023, Modified: August 16, 2023