CVE-2022-43434
published 2022-10-19CVE-2022-43434: Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bmc_ami_devx_code_debug_code_coverage_plugin | — | — |
| jenkins | bmc_ami_devx_total_test_plugin | — | — |
| jenkins | bmc_ami_strobe_measurement_task_plugin | — | — |
| jenkins | code_pipeline_plugin | — | — |
| jenkins | compuware_topaz_utilities_plugin | — | — |
| jenkins | contrast_continuous_application_security_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | custom_checkbox_parameter_plugin | — | — |
| jenkins | cve-2022-43401_in_script_security_plugin | — | — |
| jenkins | declarative_plugin | — | — |
| jenkins | deprecated_groovy_libraries_plugin | — | — |
| jenkins | fireline_plugin | — | — |
| jenkins | generic_webhook_trigger_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | groovy_libraries_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | input_step_plugin | — | — |
| jenkins | job_import_plugin | — | — |
| jenkins | job_plugin | — | — |
| jenkins | katalon_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | neuvector_vulnerability_scanner | <= 1.20 | — |
| jenkins | nunit_plugin | — | — |
| jenkins | repo_plugin | — | — |
| jenkins | s3_explorer_plugin | — | — |