High severityNVD Advisory· Published May 14, 2025· Updated May 20, 2025
CVE-2025-47885
CVE-2025-47885
Description
Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:cloudbees-jenkins-advisorMaven | < 374.376.v3a_41a_a_142efe | 374.376.v3a_41a_a_142efe |
Affected products
2- ghsa-coordsRange: < 374.376.v3a_41a_a_142efe
- Range: 0
Patches
Vulnerability mechanics
References
4News mentions
1- Jenkins Security Advisory 2025-05-14Jenkins Security Advisories · May 14, 2025