CVE-2022-25185 – org.jenkins-ci.plugins:generic-webhook-trigger
Package
Manager: maven
Name: org.jenkins-ci.plugins:generic-webhook-trigger
Vulnerable Version: >=0 <1.82
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.12295 (percentile: 0.93616)
Details
Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin. Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Metadata
Created: 2022-02-16T00:01:29Z
Modified: 2023-10-27T16:36:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-qqwx-hcp6-25vr/GHSA-qqwx-hcp6-25vr.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qqwx-hcp6-25vr
Finding: F425
Auto approve: 1