CVE-2022-41229

Name of the Vulnerable Software and Affected Versions Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.134 and earlier

Description The issue results from the plugin not escaping configuration options of the Execute NetStorm/NetCloud Test build step, leading to a stored cross-site scripting (XSS) vulnerability. This vulnerability is exploitable by attackers with Item/Configure permission.

Recommendations For versions 4.8.0.134 and earlier, update to version 4.8.0.147 or later to resolve the issue. As a temporary workaround, consider restricting access to the Execute NetStorm/NetCloud Test build step to minimize the risk of exploitation.