exploitDog

GHSA-64mj-3p92-589v

Published: 24 Jun 2022
Source: github
GitHub: Reviewed
CVSS3: 8

Description

Cross-site Scripting in Jenkins JUnit Plugin

JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.

Packages

Name: org.jenkins-ci.plugins:junit (maven)
Affected versions: < 1119.1121.vc43d0fc45561
Fixed version: 1119.1121.vc43d0fc45561

EPSS

Percentile: 98%
0.61912
Medium

CVSS3: 8 High

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
redhat
more than 3 years ago

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

CVSS3: 5.4
nvd
more than 3 years ago

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

CVSS3: 5.4
msrc
4 months ago

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
