CVE-2023-35144: 
Java vulnerability analysis and mitigation

Jenkins Maven Repository Server Plugin version 1.10 and earlier contains a stored cross-site scripting (XSS) vulnerability identified as CVE-2023-35144. The vulnerability was discovered and disclosed on June 14, 2023, affecting the Build Artifacts As Maven Repository page functionality. The issue stems from the plugin's failure to properly escape project and build display names (Jenkins Advisory, NVD).

The vulnerability is classified as a stored cross-site scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The security flaw exists in the Build Artifacts As Maven Repository page where project and build display names are not properly escaped before being displayed to users (NVD).

The vulnerability allows for stored cross-site scripting attacks that can be exploited by attackers who have the ability to change project or build display names in the Jenkins environment (Jenkins Advisory).

As of the advisory publication date, no fix is available for this vulnerability in the Maven Repository Server Plugin. Users should monitor for updates and implement general security best practices such as limiting access to project and build configuration capabilities (Jenkins Advisory).

The vulnerability was discovered and reported by CC Bomber from Kitri BoB, demonstrating ongoing security research efforts in the Jenkins plugin ecosystem (Jenkins Advisory).