CVE-2022-28145

2022-03-2913:15:08

Google

osv.dev

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.3%

JSON

Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.

CPENameOperatorVersion
ci-with-toad-edge-plugineqci-with-toad-edge-2.2
ci-with-toad-edge-plugineqci-with-toad-edge-1.0
ci-with-toad-edge-plugineqci-with-toad-edge-2.3
ci-with-toad-edge-plugineqci-with-toad-edge-2.0
ci-with-toad-edge-plugineqci-with-toad-edge-1.2

Name	Operator	Version
ci-with-toad-edge-plugin	eq	ci-with-toad-edge-2.2
ci-with-toad-edge-plugin	eq	ci-with-toad-edge-1.0
ci-with-toad-edge-plugin	eq	ci-with-toad-edge-2.3
ci-with-toad-edge-plugin	eq	ci-with-toad-edge-2.0
ci-with-toad-edge-plugin	eq	ci-with-toad-edge-1.2