Lucene search
HistoryOct 19, 2022 - 4:15 p.m.
CVE-2022-43409
jenkins pipeline
apis plugin
url encoding
cross-site scripting
vulnerability
pipelines
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
33.3%
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
Affected configurations
Node
jenkinspipeline\Match_supporting_apisjenkins
Related
osv
osv
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
2022-10-19 19:00:22
redhatcve
redhatcve
CVE-2022-43409
2022-10-20 07:17:16
cvelist
cvelist
CVE-2022-43409
2022-10-19 00:00:00
cve
cve
CVE-2022-43409
2022-10-19 16:15:10
github
github
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
2022-10-19 19:00:22
alpinelinux
alpinelinux
CVE-2022-43409
2022-10-19 16:15:10
veracode
veracode
Cross-Site Scripting (XSS)
2022-10-20 14:53:10
prion
prion
Cross site scripting
2022-10-19 16:15:00
redhat
redhat
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
33.3%
Related for NVD:CVE-2022-43409