Description
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Remediation
References
https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3140
Related Vulnerabilities
CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_2.13
CVE-2018-8010 Vulnerability in maven package org.apache.solr:solr-core
CVE-2014-0115 Vulnerability in maven package org.apache.storm:storm-core
CVE-2023-40185 Vulnerability in npm package shescape
CVE-2021-1626 Vulnerability in maven package org.mule.runtime:mule