Lucene search
JenkinsCVELIST:CVE-2022-43409HistoryOct 19, 2022 - 12:00 a.m.
CVE-2022-43409
2022-10-1900:00:00
jenkins
www.cve.org
1
jenkins
pipeline
stored xss
cve-2022-43409
cross-site scripting
vulnerability
apis
hyperlinks
post requests
build logs
pipelines
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
CNA Affected
[
{
"product": "Jenkins Pipeline: Supporting APIs Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "838.va_3a_087b_4055b",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "827.829.v01c0a_3d76c4f"
}
]
}
]Related
osv
osv
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
2022-10-19 19:00:22
cve
cve
CVE-2022-43409
2022-10-19 16:15:10
github
github
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
2022-10-19 19:00:22
alpinelinux
alpinelinux
CVE-2022-43409
2022-10-19 16:15:10
redhatcve
redhatcve
CVE-2022-43409
2022-10-20 07:17:16
prion
prion
Cross site scripting
2022-10-19 16:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2022-10-20 14:53:10
nvd
nvd
CVE-2022-43409
2022-10-19 16:15:10
redhat
redhat
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00