CVE-2023-40342: Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site…

medium5.4CVSS 3.1

AVNACLPRLUIRSCCLILAN

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents.

Affected

15 ranges

Vendor	Product	Version range	Fixed in
jenkins	blue_ocean_plugin	—	—
jenkins	config_file_provider_plugin	—	—
jenkins	delphix_plugin	—	—
jenkins	docker_swarm_plugin	—	—
jenkins	favorite_view_plugin	—	—
jenkins	flaky_test_handler	<= 1.2.2	—
jenkins	flaky_test_handler_plugin	—	—
jenkins	folders_plugin	—	—
jenkins	fortify_plugin	—	—
jenkins	gogs_plugin	—	—
jenkins	improper_masking_of_credentials_in_nodejs_plugin	—	—
jenkins	nodejs_plugin	—	—
jenkins	shortcut_job_plugin	—	—
jenkins	tuleap_authentication_plugin	—	—
jenkins_project	jenkins_flaky_test_handler_plugin	<= 1.2.2	—