CVE-2022-34176

Jenkins JUnit Plugin 1119.vaa5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760

Affected packages

Git / github.com/jenkinsci/junit-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/junit-plugin

Events

Introduced

Last affected

aa5e9068dad7520cef72b5db5b085096a21a413d

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1119.va_a_5e9068da_d7"
        }
    ],
    "cpe": "cpe:2.3:a:jenkins:junit:*:*:*:*:*:jenkins:*:*"
}

Affected versions

1119.*

1119.va_a_5e9068da_d7

junit-1.*

junit-1.0

junit-1.1

junit-1.10

junit-1.11

junit-1.12

junit-1.13

junit-1.15

junit-1.16

junit-1.17

junit-1.18

junit-1.19

junit-1.2

junit-1.2-beta-1

junit-1.2-beta-2

junit-1.2-beta-3

junit-1.2-beta-4

junit-1.20

junit-1.21

junit-1.22

junit-1.22-beta-1

junit-1.22.1

junit-1.22.2

junit-1.23

junit-1.24

junit-1.25

junit-1.26

junit-1.26.1

junit-1.27

junit-1.28

junit-1.29

junit-1.3

junit-1.30

junit-1.31

junit-1.32

junit-1.33

junit-1.34

junit-1.35

junit-1.36

junit-1.37

junit-1.38

junit-1.39

junit-1.4

junit-1.40

junit-1.41

junit-1.42

junit-1.43

junit-1.44

junit-1.45

junit-1.46

junit-1.47

junit-1.48

junit-1.49

junit-1.5

junit-1.50

junit-1.51

junit-1.52

junit-1.53

junit-1.53.1

junit-1.54

junit-1.55

junit-1.56

junit-1.57

junit-1.58

junit-1.59

junit-1.6

junit-1.60

junit-1.61

junit-1.62

junit-1.63

junit-1.64

junit-1.7

junit-1.8

junit-1.9

Other

untagged-5894d25928dffc9e1c74

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34176.json"