Search for packages
| purl | pkg:rpm/redhat/jenkins-2-plugins@4.10.1681719745-1?arch=el8 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-quvj-3tpk-qug1
Aliases: CVE-2023-25761 GHSA-ph74-8rgx-64c5 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. | There are no reported fixed by versions. |
|
VCID-zxcj-h6nx-m7gq
Aliases: CVE-2023-25762 GHSA-9j65-3f2q-8q2r |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:55:18.586932+00:00 | RedHat Importer | Affected by | VCID-zxcj-h6nx-m7gq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25762.json | 38.0.0 |
| 2026-04-01T13:55:18.248098+00:00 | RedHat Importer | Affected by | VCID-quvj-3tpk-qug1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json | 38.0.0 |