PT-2022-18858 · Jenkins · Jenkins Tests Selector Plugin
Kevin Guerroudj · Published 2022-03-29 · Updated 2023-11-03 · CVE-2022-28159
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Tests Selector Plugin versions 1.3.3 and earlier
Description
Jenkins Tests Selector Plugin does not properly escape the Properties File Path option for Choosing Tests parameters, which results in a stored cross-site scripting (XSS) vulnerability. Attackers with Item/Configure permission can exploit this vulnerability.
Recommendations
For Jenkins Tests Selector Plugin versions 1.3.3 and earlier, consider disabling the Properties File Path option for Choosing Tests parameters, and avoid using it, until a patch is available. Restrict access to the Choosing Tests parameters to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Tests Selector Plugin