PT-2022-20416 · Jenkins · Jenkins Application Detector Plugin+1
Daniel Beck
+2
·
Published
2022-05-17
·
Updated
2023-11-02
·
CVE-2022-30960
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Application Detector Plugin versions 1.0.8 and earlier
Description
The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape the name of Chois Application Version parameters on views displaying parameters. This vulnerability is exploitable by attackers with Item/Configure permission.
Recommendations
For Jenkins Application Detector Plugin versions 1.0.8 and earlier, consider disabling the parameter display for Chois Application Version until a patch is available. Restrict access to views displaying parameters to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Application Detector Plugin