VYPR
Medium severity5.4NVD Advisory· Published Sep 20, 2023· Updated Jun 17, 2026

CVE-2023-43495

CVE-2023-43495

Description

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
>= 2.50, < 2.414.22.414.2
org.jenkins-ci.main:jenkins-coreMaven
>= 2.415, < 2.4242.424

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

1