First published: Tue Nov 15 2022
A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTP(S) URLs in test report output to clickable links, which leads to a stored Cross-site scripting (XSS) attack.
Credit: jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jenkins | <2-plugins-0:4.10.1675144701-1.el8 | 2-plugins-0:4.10.1675144701-1.el8 |
| redhat/jenkins | <2-plugins-0:4.9.1675668922-1.el8 | 2-plugins-0:4.9.1675668922-1.el8 |
| Jenkins Junit | <1160.vf1f01a_a_ea_b_7f | |
| redhat/JUnit Plugin | <1160. | 1160. |
| maven/org.jenkins-ci.plugins:junit | <=1159.v0b | 1160.vf1f01a_a_ea_b_7f |
CVE-2022-45380 is a stored cross-site scripting (XSS) vulnerability in the JUnit Jenkins Plugin.
CVE-2022-45380 affects the JUnit Jenkins Plugin version 1159.v0b_396e1e07dd and earlier.
CVE-2022-45380 can be exploited by attackers with Item/Configure permission.
CVE-2022-45380 has a severity value of 8 (high).
You can find more information about CVE-2022-45380 at the following references: [Jenkins Security Advisory](https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2023:0560), [CVE-2022-45380 on Red Hat](https://access.redhat.com/security/cve/cve-2022-45380).
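The defensive shape of the URL-to-link conversion described above, as an added JavaScript example that is not the plugin's own code: report text is HTML-escaped before and after each matched HTTP(S) URL, so markup inside test output renders as inert text rather than as a stored script. The function name and the sample report line are constructed for this illustration.

```javascript
// Added example (not from the JUnit plugin): render test-report text with
// clickable http(s) links while HTML-escaping everything else, so report
// content written by whoever can configure a job cannot inject markup.
const URL_RE = /https?:\/\/[^\s<>"']+/g;

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Escape, then link: text between URLs is escaped as plain text, and the href
// is taken only from a strict http(s) match that is itself escaped, so no
// unescaped report content reaches the generated HTML.
function linkifyReportText(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = m[0];
    out += `<a href="${escapeHtml(url)}" rel="noopener noreferrer">` +
           `${escapeHtml(url)}</a>`;
    last = m.index + url.length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample report output: a URL that should become a link and
// markup that must be rendered inert.
const SAMPLE = "See https://ci.example.test/build/42 for logs <b>bold</b> & done";

function demo() {
  return linkifyReportText(SAMPLE);
}
```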