CVE-2022-46684
published 2022-12-12
medium 5.4 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | checkmarx | < 2022.4.3 | 2022.4.3 |
| jenkins | checkmarx_plugin | — | — |
| jenkins | custom_build_properties_plugin | — | — |
| jenkins | gitea_plugin | — | — |
| jenkins | google_login_plugin | — | — |
| jenkins | plot_plugin | — | — |
| jenkins | sonar_gerrit_plugin | — | — |
| jenkins | spring_config_plugin | — | — |
| jenkins_project | jenkins_checkmarx_plugin | unspecified – 2022.3.3 | — |