logo

Database

Reflected cross-site scripting (XSS) In org.jenkins-ci.plugins:lucene-search

Description

Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the search result page.

This results in a reflected cross-site scripting (XSS) vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-369222. NVD-2022-369223. OSV-2022-369224. GCVE-2022-36922

References

1. https://github.com/jenkinsci/lucene-search-plugin/commit/5f9fd00d83a5a73a7b9579e8139b3db3a9065ed22. https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-28123. http://www.openwall.com/lists/oss-security/2022/07/27/1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.