CVE-2022-41229
published 2022-09-21CVE-2022-41229: Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | anchore_container_image_scanner_plugin | — | — |
| jenkins | apprenda_plugin | — | — |
| jenkins | bigpanda_notifier_plugin | — | — |
| jenkins | bmc_ami_common_configuration_plugin | — | — |
| jenkins | cons3rt_plugin | — | — |
| jenkins | dotci_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | lack_of_authentication_mechanism_in_dotci_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher | <= 4.8.0.134 | — |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | rqm_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | scm_httpclient_plugin | — | — |
| jenkins | security_inspector_plugin | — | — |
| jenkins | smalltest_plugin | — | — |
| jenkins | this_could_create_confusion_in_users_of_the_plugin | — | — |
| jenkins | urls_of_jenkins_servers_that_the_plugin | — | — |
| jenkins | view26_test-reporting_plugin | — | — |
| jenkins | walti_plugin | — | — |
| jenkins | wildfly_deployer_plugin | — | — |
| jenkins | worksoft_execution_manager_plugin | — | — |
| jenkins_project | jenkins_ns-nd_integration_performance_publisher_plugin | unspecified – 4.8.0.134 | — |