CVE-2022-28145
published 2022-03-29CVE-2022-28145: Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bitbucket_server_integration_plugin | — | — |
| jenkins | complexity_scatter_plot_plugin | — | — |
| jenkins | continuous_integration_with_toad_edge | <= 2.3 | — |
| jenkins | continuous_integration_with_toad_edge_plugin | — | — |
| jenkins | flaky_test_handler_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jiratestresultreporter_plugin | — | — |
| jenkins | job_and_node_ownership_plugin | — | — |
| jenkins | phoenix_autotest_plugin | — | — |
| jenkins | proxmox_plugin | — | — |
| jenkins | rocketchat_notifier_plugin | — | — |
| jenkins | sitemonitor_plugin | — | — |
| jenkins | some_reports_generated_by_this_plugin | — | — |
| jenkins | tests_selector_plugin | — | — |
| jenkins | windows_in_continuous_integration_with_toad_edge_plugin | — | — |
| jenkins_project | jenkins_continuous_integration_with_toad_edge_plugin | unspecified – 2.3 | — |