Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-mv77-fj63-q5w8

GitHub Security Advisory

Stored XSS vulnerability in Jenkins GitHub Plugin

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

GitHub Plugin 1.37.3.1 escapes GitHub project URL on the build page when showing changes.

Affected Packages

Maven com.coravy.hudson.plugins.github:github
Affected versions: 0 (fixed in 1.37.3.1)

Related CVEs

CVE-2023-46650

Key Information

GHSA ID
GHSA-mv77-fj63-q5w8
Published
October 25, 2023 6:32 PM
Last Modified
November 2, 2023 4:47 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
com.coravy.hudson.plugins.github:github
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.