Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-34176

Опубликовано: 23 июн. 2022
Источник: redhat
CVSS3: 5.4

Описание

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11jenkins-2-pluginsWill not fix
Red Hat OpenShift Container Platform 4.10jenkins-2-pluginsFixedRHSA-2022:653121.09.2022
Red Hat OpenShift Container Platform 4.8jenkins-2-pluginsFixedRHSA-2023:001712.01.2023
Red Hat OpenShift Container Platform 4.9jenkins-2-pluginsFixedRHBA-2022:858223.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2103548jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin

5.4 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-34176

CVSS3: 5.4
nvd
больше 3 лет назад

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

msrc логотип

CVE-2022-34176

CVSS3: 5.4
msrc
4 месяца назад

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

github логотип

GHSA-64mj-3p92-589v

CVSS3: 8
github
больше 3 лет назад

Cross-site Scripting in Jenkins JUnit Plugin

5.4 Medium

CVSS3