PT-2022-24514 · Jenkins · Jenkins Job Configuration History Plugin
Kevin Guerroudj
Published 2022-08-23 · Updated 2023-11-02
CVE-2022-38664
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Job Configuration History Plugin versions 1165.v8cc9fd1f4597 and earlier
Description
The plugin does not properly escape the job name when rendering the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability. An attacker who is able to configure job names can exploit it.
Recommendations
For Jenkins Job Configuration History Plugin versions 1165.v8cc9fd1f4597 and earlier, update to a version that properly escapes job names on the System Configuration History page, which prevents the stored cross-site scripting (XSS) attack described above.
Fix
XSS
Affected Products
Jenkins
Jenkins Job Configuration History Plugin