Description
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Remediation
References
https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3140
Related Vulnerabilities
CVE-2020-8203 Vulnerability in maven package org.webjars.npm:lodash
CVE-2019-10316 Vulnerability in maven package org.jenkins-ci.plugins:aqua-microscanner
CVE-2022-1466 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2023-29198 Vulnerability in npm package electron
CVE-2023-32991 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp