CVE-2022-43432

2022-10-1916:15:11

[email protected]

web.nvd.nist.gov

jenkins

cve-2022-43432

xss

vulnerability

security

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

Affected configurations

NVD

Node

jenkinsxframium_builderRange≤1.0.22wordpress

CPENameOperatorVersion
jenkins:xframium_builderjenkins xframium builderle1.0.22

CPE	Name	Operator	Version
jenkins:xframium_builder	jenkins xframium builder	le	1.0.22

CNA Affected

[
  {
    "product": "Jenkins XFramium Builder Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.0.22",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.0.22",
        "versionType": "custom"
      }
    ]
  }
]