PT-2022-27484 · Jenkins · Jenkins Naginator Plugin
Published: 2022-11-15 · Updated: 2025-04-30 · CVE-2022-45382
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Naginator Plugin versions 1.18.1 and earlier
Description
The issue is a stored cross-site scripting (XSS) vulnerability. The Jenkins Naginator Plugin does not escape the display names of source builds in builds that were triggered via the Retry action, so the flaw is exploitable by attackers who have the ability to edit build display names.
Recommendations
If you run Jenkins Naginator Plugin version 1.18.1 or earlier, update to version 1.18.2 or later, which escapes the display names of source builds and resolves the issue.
Fix
XSS
Affected Products
Jenkins
Jenkins Naginator Plugin