CVE-2022-28145

Name of the Vulnerable Software and Affected Versions Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier

Description The issue is related to the lack of Content-Security-Policy headers in report files served by the software, resulting in a stored cross-site scripting (XSS) exploit. Attackers with Item/Configure permission or those who can control report contents can exploit this issue.

Recommendations For versions 2.3 and earlier, consider disabling the report serving feature until a patch is available, or restrict access to report files to minimize the risk of exploitation. Additionally, limiting Item/Configure permission to trusted users can help mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.