PT-2022-26905 · Jenkins · Jenkins Contrast Continuous Application Security Plugin
Yaroslav Afenkin · Published 2022-10-19 · Updated 2025-05-08 · CVE-2022-43420
CVSS v3.1: 5.4 (Medium), vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Contrast Continuous Application Security Plugin versions 3.9 and earlier
Description
The plugin is affected by a stored cross-site scripting (XSS) vulnerability: when generating a report, it does not escape the data returned from the Contrast service, so an attacker who can control or modify Contrast service API responses can place markup or script into the rendered report.
Recommendations
For versions 3.9 and earlier, update to version 3.10 or later, which escapes the affected data and resolves the issue.
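The two patterns the description and the fix contrast, as an added illustration in Java (the language Jenkins plugins are written in). This is not the plugin's own code: the report layout, the field names and the tampered response value are all constructed for the example, and a real Jenkins plugin would normally rely on the escaping helpers Jenkins already provides (for instance `hudson.Util.escape`) rather than the small hand-written escaper shown here.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added illustration (not the plugin's code): renders a small HTML report
 * from fields received from an external service, first without escaping
 * (the vulnerable pattern) and then with escaping (the fixed pattern).
 */
public class ReportEscapingDemo {

    /** Minimal HTML escaper for text placed between tags or inside quoted attribute values. */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Vulnerable pattern: service-supplied values are concatenated straight into markup. */
    static String renderUnescaped(Map<String, String> fields) {
        StringBuilder html = new StringBuilder("<table>\n");
        for (Map.Entry<String, String> e : fields.entrySet()) {
            html.append("<tr><td>").append(e.getKey())
                .append("</td><td>").append(e.getValue())
                .append("</td></tr>\n");
        }
        return html.append("</table>").toString();
    }

    /** Fixed pattern: every value that came from the service is escaped before it reaches the markup. */
    static String renderEscaped(Map<String, String> fields) {
        StringBuilder html = new StringBuilder("<table>\n");
        for (Map.Entry<String, String> e : fields.entrySet()) {
            html.append("<tr><td>").append(escapeHtml(e.getKey()))
                .append("</td><td>").append(escapeHtml(e.getValue()))
                .append("</td></tr>\n");
        }
        return html.append("</table>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a text field as it might arrive in a tampered service response.
        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("application", "payments-api");
        fields.put("rule", "<i>injected</i> \"quoted\" & more");

        String unsafe = renderUnescaped(fields);
        String safe = renderEscaped(fields);

        // The unescaped report carries a live tag; the escaped report carries only text.
        if (!unsafe.contains("<i>injected</i>"))
            throw new AssertionError("expected raw markup in the vulnerable output");
        if (safe.contains("<i>"))
            throw new AssertionError("escaped output must not contain raw tags");
        if (!safe.contains("&lt;i&gt;injected&lt;/i&gt; &quot;quoted&quot; &amp; more"))
            throw new AssertionError("unexpected escaping result");

        System.out.println("vulnerable:\n" + unsafe);
        System.out.println("fixed:\n" + safe);
    }
}
```

Run with `javac ReportEscapingDemo.java && java ReportEscapingDemo`; the self-checks in `main` fail loudly if either rendering behaves differently from what the advisory describes. The escaper covers text nodes and quoted attribute values only; values placed in other contexts (URLs, inline scripts, CSS) need context-specific encoding, which is why a framework helper is the better choice in real plugin code.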
Fix
XSS
Affected Products
Jenkins
Jenkins Contrast Continuous Application Security Plugin