CVE-2022-43409
published 2022-10-19CVE-2022-43409: Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bmc_ami_devx_code_debug_code_coverage_plugin | — | — |
| jenkins | bmc_ami_devx_total_test_plugin | — | — |
| jenkins | bmc_ami_strobe_measurement_task_plugin | — | — |
| jenkins | code_pipeline_plugin | — | — |
| jenkins | compuware_topaz_utilities_plugin | — | — |
| jenkins | contrast_continuous_application_security_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | custom_checkbox_parameter_plugin | — | — |
| jenkins | cve-2022-43401_in_script_security_plugin | — | — |
| jenkins | declarative_plugin | — | — |
| jenkins | deprecated_groovy_libraries_plugin | — | — |
| jenkins | fireline_plugin | — | — |
| jenkins | generic_webhook_trigger_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | groovy_libraries_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | input_step_plugin | — | — |
| jenkins | job_import_plugin | — | — |
| jenkins | job_plugin | — | — |
| jenkins | katalon_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | nunit_plugin | — | — |
| jenkins | pipeline | <= 838.va_3a_087b_4055b | — |
| jenkins | repo_plugin | — | — |
| jenkins | s3_explorer_plugin | — | — |