High severityNVD Advisory· Published May 16, 2023· Updated Jan 23, 2025

CVE-2023-32977

Description

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins.workflow:workflow-jobMaven	< 1295.v395eb	1295.v395eb

Affected products

ghsa-coords
pkg:maven/org.jenkins-ci.plugins.workflow/workflow-job
Range: < 1295.v395eb
Jenkins Project/Jenkins Jira Pipeline Steps Plugincpe-rescue
Range: 1295.v395eb_7400005

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-2wvv-phhw-qvmcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-32977ghsaADVISORY
www.jenkins.io/security/advisory/2023-05-16/ghsavendor-advisoryWEB
github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821ghsaWEB

News mentions

Jenkins Security Advisory 2023-05-16
Jenkins Security Advisories · May 16, 2023

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000