PT-2022-27482 · Jenkins · Jenkins Junit Plugin
Wadeck Follonier
·
Published
2022-11-15
·
Updated
2023-11-22
·
CVE-2022-45380
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins JUnit Plugin versions 1159.v0b_396e1e07dd and earlier
Description
The plugin converts HTTP(S) URLs found in test report output into clickable links without properly escaping the surrounding output, resulting in a stored cross-site scripting (XSS) vulnerability. Because test report output is controlled by whoever can configure the job, the vulnerability is exploitable by attackers with Item/Configure permission.
Recommendations
For Jenkins JUnit Plugin versions 1159.v0b_396e1e07dd and earlier, update to a version that no longer converts URLs to clickable links, such as version 1160.vf1f01a_a_ea_b_7f or later.
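As an added illustration of the bug class described above (this is not the JUnit Plugin's code; the plugin's own fix was to stop linkifying altogether), the hypothetical `linkifyUnsafe` shows why wrapping unescaped test output in link markup lets attacker-supplied HTML reach the page, and `linkifySafe` shows the general hardened pattern of escaping the whole string before linkifying:

```javascript
// Only absolute http(s) URLs are linkified; stops at whitespace and at
// characters that would terminate an HTML attribute or tag.
const URL_RE = /https?:\/\/[^\s<>"']+/g;

// Minimal HTML escaping for text that will be placed in element content
// or a double-quoted attribute.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical unsafe pattern (for contrast, not the plugin's code):
// the URL is wrapped in an <a> tag but the rest of the test output is
// emitted verbatim, so any markup in the output is rendered by the browser.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened pattern: escape everything first, then linkify the escaped text.
// No raw <, >, " or ' can survive, so the only tags in the result are the
// ones this function emits. Escaped entities adjacent to a URL may be swept
// into the link text, which is cosmetic rather than a security problem.
function linkifySafe(text) {
  return escapeHtml(text).replace(
    URL_RE,
    (u) => `<a href="${u}" rel="noopener noreferrer">${u}</a>`
  );
}

// Constructed sample of attacker-controlled test output.
const SAMPLE = 'see <script>alert(1)</script> at http://ci.example/job/1';

module.exports = { escapeHtml, linkifyUnsafe, linkifySafe, SAMPLE };
```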
Fix
XSS
Affected Products
Jenkins
Jenkins Junit Plugin