VYPR
High severity8.0NVD Advisory· Published Jun 14, 2023· Updated Jun 17, 2026

CVE-2023-35141

CVE-2023-35141

Description

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
< 2.4002.400

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

1