PT-2022-22043 · Jenkins · Jenkins Junit Plugin
Wadeck Follonier · Published 2022-06-22 · Updated 2023-11-03 · CVE-2022-34176
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jenkins JUnit Plugin versions 1119.va_a_5e9068da_d7 and earlier
Description
The issue results in a stored cross-site scripting (XSS) vulnerability because descriptions of test results are not properly escaped. This vulnerability is exploitable by attackers with Run/Update permission.
Recommendations
For versions 1119.va_a_5e9068da_d7 and earlier, update to a version that applies the configured markup formatter to descriptions of test results, such as version 1119.1121.vc43d0fc45561, to resolve the issue.
Fix
XSS
Affected Products
Jenkins
Jenkins Junit Plugin