cvedb.io
CVE-2023-35141
HIGH · CVSS 8
EPSS exploitation probability: 0%
Published 2023-06-14T13:15:11.823 · Last modified 2026-06-17T06:04:28.603

Summary

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu.

Affected products

jenkins — jenkins

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.