CVE-2022-45401

Summary

Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Associated Files Pluginunspecified <= 0.2.1affected
Jenkins projectJenkins Associated Files Pluginnext of 0.2.1 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References