CVE-2022-34176: XSS
First published: Wed Jun 22 2022(Updated: )
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jenkins | <2-plugins-0:4.10.1663147786-1.el8 | 2-plugins-0:4.10.1663147786-1.el8 |
| redhat/jenkins | <2-plugins-0:4.8.1672842762-1.el8 | 2-plugins-0:4.8.1672842762-1.el8 |
| redhat/jenkins | <2-plugins-0:4.9.1667460322-1.el8 | 2-plugins-0:4.9.1667460322-1.el8 |
| Jenkins Junit | <=1119.va_a_5e9068da_d7 | |
| <=1119.va_a_5e9068da_d7 | ||
| redhat/JUnit Plugin | <1119.1121. | 1119.1121. |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760
- https://nvd.nist.gov/vuln/detail/CVE-2022-34176
- https://access.redhat.com/errata/RHSA-2023:0017
- https://access.redhat.com/security/cve/cve-2022-34176
- https://bugzilla.redhat.com/show_bug.cgi?id=2103548
- https://www.cve.org/CVERecord?id=CVE-2022-34176 https://nvd.nist.gov/vuln/detail/CVE-2022-34176 https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760
- https://access.redhat.com/errata/RHSA-2022:6531
- https://access.redhat.com/errata/RHBA-2022:8582
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2022-34176?
CVE-2022-34176 has a high severity level due to its potential to allow cross-site scripting attacks.
How do I fix CVE-2022-34176?
To fix CVE-2022-34176, update the Jenkins JUnit Plugin to version 1119.1121 or later.
What impact does CVE-2022-34176 have on my Jenkins installation?
CVE-2022-34176 can lead to manipulation of the integrity of the Jenkins interface by allowing the injection of arbitrary HTML and script code.
Which versions of the Jenkins JUnit Plugin are affected by CVE-2022-34176?
CVE-2022-34176 affects Jenkins JUnit Plugin versions up to and including 1119.va_a_5e9068da_d7.
Is my Jenkins installation vulnerable if I am using older versions of the JUnit Plugin?
Yes, if you are using Jenkins JUnit Plugin versions earlier than 1119.1121, your installation is vulnerable to CVE-2022-34176.
- collector/redhat-cve
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/softwarecombine
- agent/author
- agent/references
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-34176
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat
- vendor/jenkins
- canonical/jenkins junit
- version/jenkins junit/1119.va_a_5e9068da_d7