CVE-2022-34191
published 2022-06-23
medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected
32 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | agent_server_parameter_plugin | — | — |
| jenkins | beaker_builder_plugin | — | — |
| jenkins | convertigo_mobile_platform_plugin | — | — |
| jenkins | crx_content_package_deployer_plugin | — | — |
| jenkins | date_parameter_plugin | — | — |
| jenkins | dynamic_extended_choice_parameter_plugin | — | — |
| jenkins | easyqa_plugin | — | — |
| jenkins | embeddable_build_status_plugin | — | — |
| jenkins | filesystem_list_parameter_plugin | — | — |
| jenkins | hidden_parameter_plugin | — | — |
| jenkins | image_tag_parameter_plugin | — | — |
| jenkins | improper_authorization_in_embeddable_build_status_plugin | — | — |
| jenkins | input_step_plugin | — | — |
| jenkins | jenkins_ci_server_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | jianliao_notification_plugin | — | — |
| jenkins | junit_plugin | — | — |
| jenkins | maven_metadata_plugin | — | — |
| jenkins | nested_view_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher | <= 4.8.0.77 | — |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | orchestrator_plugin | — | — |
| jenkins | package_version_plugin | — | — |
CVSS provenance
nvd · v3.1 · 5.4 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ghsa · 5.4 · MEDIUM
osv · 5.4 · MEDIUM