Base Score

HIGH8.8

CVE-2025-47885

Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.

VectorNETWORK

Published Byjenkinsci-cert@googlegroups.com

Published DateMay 14, 2025, 21:15

Affected Versions(1)

org.jenkins-ci.plugins:cloudbees-jenkins-advisor(Maven)

Introduced0

Fixed374.376.v3a_41a_a_142efe

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.jenkins-ci.plugins:cloudbees-jenkins-advisor(Maven)	0	374.376.v3a_41a_a_142efe	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3559

Base Score

HIGH8.8

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH