Home > Vulnerability Database > CVE-2023-32984

Mend.io Vulnerability Database

CVE-2023-32984

Good to know:

Date: May 16, 2023

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.

Language: Java

Severity Score

5.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32984

Url: https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3047

Url: https://github.com/jenkinsci/testng-plugin-plugin/commit/5f3d83ca56c0657fc09af7ea70cfbdd691adeaab

Url: https://www.mend.io/vulnerability-database/CVE-2023-32984

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:testng-plugin:730.v4c5283037693

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32984

Good to know:

Date: May 16, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?