Stored XSS vulnerability in Jenkins VncRecorder Plugin

2022-05-2417:22:18

Google

osv.dev

0.001 Low

EPSS

Percentile

22.3%

JSON

VncRecorder Plugin 1.25 and earlier does not escape a tool path in the checkVncServ form validation endpoint accessed e.g. via job configuration forms.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators.

VncRecorder Plugin 1.35 escapes the tool path.

CPENameOperatorVersion
org.jenkins-ci.plugins:vncrecordereq1.1
org.jenkins-ci.plugins:vncrecordereq1.22
org.jenkins-ci.plugins:vncrecordereq1.15
org.jenkins-ci.plugins:vncrecordereq1.13
org.jenkins-ci.plugins:vncrecordereq1.23
org.jenkins-ci.plugins:vncrecordereq1.14
org.jenkins-ci.plugins:vncrecordereq1.24
org.jenkins-ci.plugins:vncrecordereq1.21
org.jenkins-ci.plugins:vncrecordereq1.12
org.jenkins-ci.plugins:vncrecordereq1.19

Name	Operator	Version
org.jenkins-ci.plugins:vncrecorder	eq	1.1
org.jenkins-ci.plugins:vncrecorder	eq	1.22
org.jenkins-ci.plugins:vncrecorder	eq	1.15
org.jenkins-ci.plugins:vncrecorder	eq	1.13
org.jenkins-ci.plugins:vncrecorder	eq	1.23
org.jenkins-ci.plugins:vncrecorder	eq	1.14
org.jenkins-ci.plugins:vncrecorder	eq	1.24
org.jenkins-ci.plugins:vncrecorder	eq	1.21
org.jenkins-ci.plugins:vncrecorder	eq	1.12
org.jenkins-ci.plugins:vncrecorder	eq	1.19