High severity8.0NVD Advisory· Published Jun 14, 2023· Updated Jun 17, 2026
CVE-2023-35141
CVE-2023-35141
Description
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.400 | 2.400 |
Affected products
3- osv-coords2 versions
< 2.401.1+ 1 more
- (no CPE)range: < 2.401.1
- (no CPE)range: < 2.400
- Range: 2.400
Patches
Vulnerability mechanics
References
5- www.openwall.com/lists/oss-security/2023/06/14/5nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-98fp-r22g-wpj7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-35141ghsaADVISORY
- www.jenkins.io/security/advisory/2023-06-14/nvdVendor AdvisoryWEB
- github.com/CVEProject/cvelist/blob/f37e157216b8e5e64a6db80b7b68bde0088277fe/2023/35xxx/CVE-2023-35141ghsaWEB
News mentions
1- Jenkins Security Advisory 2023-06-14Jenkins Security Advisories · Jun 14, 2023