CVE-2022-46684: Cross-site Scripting in Jenkins Checkmarx

Severity: 5.4 MEDIUM (NVD)
EPSS: 9.0% (top 7.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 12

Description

Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: jenkins_project/jenkins_checkmarx_plugin, versions unspecified through 2022.3.3
NVD: jenkins/checkmarx < 2022.4.3

Vulnerability Details (3)

OSV: Stored XSS vulnerability in Jenkins Checkmarx Plugin (2022-12-12)
GHSA: Stored XSS vulnerability in Jenkins Checkmarx Plugin (2022-12-12)
CVEList: CVE-2022-46684: Jenkins Checkmarx Plugin 2022 (2022-12-07)

Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2022-12-07 (2022-12-07)