logo

Database

Server side cross-site scripting In org.jenkins-ci.plugins:junit

Description

Cross-site Scripting in Jenkins JUnit Plugin JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-341762. NVD-2022-341763. OSV-2022-341764. GCVE-2022-34176

References

1. https://github.com/jenkinsci/junit-plugin/commit/c43d0fc455619dd652ec87939ac3d70d6134fea12. https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.