PT-2022-25756 · Jenkins · Jenkins Walti Plugin+1
Wadeck Follonier
·
Published
2022-09-21
·
Updated
2025-05-28
·
CVE-2022-41240
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Jenkins Walti Plugin versions 1.0.1 and earlier
Description
The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape the information provided by the Walti API, making it exploitable by attackers who can provide malicious API responses from Walti.
Recommendations
For Jenkins Walti Plugin versions 1.0.1 and earlier, consider disabling the plugin until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Walti API to minimize the risk of malicious responses.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Walti Plugin