CVE-2022-41239

Summary

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins DotCi Pluginunspecified <= 2.40.00affected
Jenkins projectJenkins DotCi Pluginnext of 2.40.00 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References