Lucene search

GitHub Advisory DatabaseGHSA-P86X-75J8-W4XH

HistoryDec 12, 2022 - 9:30 a.m.

Stored XSS vulnerability in Jenkins Checkmarx Plugin

2022-12-1209:30:35

CWE-79

GitHub Advisory Database

github.com

xss

checkmarx

jenkins

vulnerability

html reports

security

api

cross-site scripting

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.5%

JSON

heckmarx Plugin processes Checkmarx service API responses and generates HTML reports from them for rendering on the Jenkins UI.

Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports. This results in a stored cross-site scripting (XSS) vulnerability.

While Jenkins users without Overall/Administer permission are not allowed to configure the URL to the Checkmarx service, this could still be exploited via man-in-the-middle attacks.

Checkmarx Plugin 2022.4.3 escapes values returned from the Checkmarx service API before inserting them into HTML reports.

Affected configurations

Vulners

Node

com.checkmarx.jenkinscheckmarxRange≤2022.3.3

VendorProductVersionCPE
com.checkmarx.jenkinscheckmarx*cpe:2.3:a:com.checkmarx.jenkins:checkmarx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
com.checkmarx.jenkins	checkmarx	*	cpe:2.3:a:com.checkmarx.jenkins:checkmarx::::::::

References

github.com/advisories/GHSA-p86x-75j8-w4xh

nvd.nist.gov/vuln/detail/CVE-2022-46684

www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2869