Lucene search

K
githubGitHub Advisory DatabaseGHSA-PH74-8RGX-64C5
HistoryFeb 15, 2023 - 3:30 p.m.

Cross-site Scripting in Jenkins JUnit Plugin

2023-02-1515:30:41
CWE-79
GitHub Advisory Database
github.com
12
jenkins
junit plugin
cross-site scripting

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.3%

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

Affected configurations

Vulners
Node
org.jenkinsci.plugins\Matchjunit
CPENameOperatorVersion
org.jenkins-ci.plugins:junitle1166.va

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.3%