CVE-2022-45380

Summary

Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins JUnit Pluginunspecified <= 1159.v0b_396e1e07ddaffected
Jenkins projectJenkins JUnit Plugin1143.1145.v81b_b_9579a_019unaffected
Jenkins projectJenkins JUnit Plugin1119.1122.v750e65d31b_db_unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References