Moderate severityNVD Advisory· Published Mar 8, 2023· Updated Feb 28, 2025

CVE-2023-27905

Description

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci:update-center2Maven	>= 3.13, < 3.15	3.15

Affected products

ghsa-coords
pkg:maven/org.jenkins-ci/update-center2
Range: >= 3.13, < 3.15
Jenkins Project/update-center2cpe-rescue
Range: 3.13

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-pqg3-xfx2-fmqpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-27905ghsaADVISORY
www.jenkins.io/security/advisory/2023-03-08/ghsavendor-advisoryWEB

News mentions

Jenkins Security Advisory 2023-03-08
Jenkins Security Advisories · Mar 8, 2023

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000