PT-2022-4023 · Jenkins · Jenkins Lucene-Search Plugin

Published: 2022-07-27 · Updated: 2023-11-02 · CVE-2022-36922

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins Lucene-Search Plugin versions 370.v62a5f618cd3a and earlier

Description: The issue exists because the plugin does not protect the structure of the web page it renders. The search query parameter displayed on the 'search' result page is not escaped, resulting in a reflected cross-site scripting (XSS) vulnerability. Exploitation of this issue may allow a remote attacker to conduct an XSS attack.

Recommendations: For Jenkins Lucene-Search Plugin versions 370.v62a5f618cd3a and earlier, update to a version that properly escapes the search query parameter. As a temporary workaround, consider restricting access to the search result page until a patch is available, and avoid using the search query parameter on the affected page until the issue is resolved.
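The defect class described above, as an added illustration rather than the plugin's own code: a search result page that interpolates the query parameter raw, beside a version that HTML-escapes it at output time, plus a check that tells the two apart. The template, the `query` parameter name and the sample hits are assumptions.

```python
import html

# Constructed sample query carrying markup, the kind of value a reflected XSS
# test would send through the "query" parameter of a search result page.
SAMPLE_QUERY = '"><script>alert(1)</script>'


def render_results_unsafe(query: str, hits: list[str]) -> str:
    """Vulnerable pattern: the raw query is interpolated into the page, both
    inside the input's value attribute and in the visible text node."""
    items = "".join(f"<li>{hit}</li>" for hit in hits)
    return (
        f'<form><input name="query" value="{query}"></form>'
        f"<p>Results for {query}:</p><ul>{items}</ul>"
    )


def render_results_safe(query: str, hits: list[str]) -> str:
    """Hardened pattern: every untrusted value is HTML-escaped before it is
    placed in the page. quote=True also encodes quote characters, which is
    what keeps the value="..." attribute from being broken out of."""
    q = html.escape(query, quote=True)
    items = "".join(f"<li>{html.escape(hit, quote=True)}</li>" for hit in hits)
    return (
        f'<form><input name="query" value="{q}"></form>'
        f"<p>Results for {q}:</p><ul>{items}</ul>"
    )


def query_reflected_verbatim(page: str, query: str) -> bool:
    """True when the query string reaches the page byte-for-byte. For a query
    that contains markup this means the browser receives attacker-controlled
    tags or attributes; for a plain query it is the expected behaviour."""
    return query in page


if __name__ == "__main__":
    hits = ["job/build-pipeline #12", "job/deploy #7"]  # constructed sample hits
    print(query_reflected_verbatim(render_results_unsafe(SAMPLE_QUERY, hits), SAMPLE_QUERY))  # True
    print(query_reflected_verbatim(render_results_safe(SAMPLE_QUERY, hits), SAMPLE_QUERY))    # False
```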

Tags: Fix · XSS


Weakness Enumeration

Related Identifiers

BDU:2022-04856
CVE-2022-36922
GHSA-6954-H5C8-M29F

Affected Products

Jenkins
Jenkins Lucene-Search Plugin