CVE-2022-29049 org.jenkins-ci.plugins:promoted-builds

Package

Manager: maven
Name: org.jenkins-ci.plugins:promoted-builds
Vulnerable Version: >=0 <3.10.1 || >=3.11 <876.v99d29788b

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.03051 (percentile 0.86172)

Details

Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL

Jenkins promoted builds Plugin provides dedicated support for defining promotions using [Job DSL Plugin](https://plugins.jenkins.io/job-dsl). promoted builds Plugin 873.v6149db_d64130 and earlier does not validate the names of promotions defined in Job DSL. This allows attackers with Job/Configure permission to create a promotion with an unsafe name. As a result, the promotion name could be used for cross-site scripting (XSS) or to replace other `config.xml` files. promoted builds Plugin 876.v99d29788b_36b_ and 3.10.1 validate the names of promotions.

Metadata

Created: 2022-04-13T00:00:16Z
Modified: 2023-05-22T19:32:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-jmxr-w2jc-qp7w/GHSA-jmxr-w2jc-qp7w.json
CWE IDs: CWE-20, CWE-79
Alternative ID: GHSA-jmxr-w2jc-qp7w
Finding: F184
Auto approve: 1