CVE-2022-28145

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 57.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Continuous Integration With Toad Edge Plugin Jenkins Continuous Integration With Toad Edge

Timeline

PublishedMar 29

Latest updateMar 30

Description

Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_continuous_integration_with_toad_edge_pluginunspecified — 2.3

▶NVDjenkins/continuous_integration_with_toad_edge2.3

▶Mavenorg.jenkins-ci.plugins:ci-with-toad-edge< 2.4

🔴Vulnerability Details

GHSA

Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin↗2022-03-30

▶

OSV

Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin↗2022-03-30

▶

CVEList

CVE-2022-28145: Jenkins Continuous Integration with Toad Edge Plugin 2↗2022-03-29

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-03-29↗2022-03-29

▶