CVE-2022-34176Cross-site Scripting in Project Jenkins Junit Plugin

CWE-79Cross-site Scripting7 documents7 sources
Severity
5.4MEDIUMNVD
EPSS
56.0%
top 1.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Junit PluginJenkins Junit
Timeline
PublishedJun 23
Latest updateJun 24

Description

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_junit_pluginunspecified1119.va_a_5e9068da_d7
NVDjenkins/junit1119.va_a_5e9068da_d7

🔴Vulnerability Details

3
OSV
Cross-site Scripting in Jenkins JUnit Plugin2022-06-24
GHSA
Cross-site Scripting in Jenkins JUnit Plugin2022-06-24
CVEList
CVE-2022-34176: Jenkins JUnit Plugin 11192022-06-22

📋Vendor Advisories

3
Red Hat
jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin2022-06-23
Jenkins
Jenkins Security Advisory 2022-06-222022-06-22
Microsoft
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Up2022-06-14
CVE-2022-34176 — Cross-site Scripting | cvebase