CVE-2022-45380

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-45380
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45380.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-45380
Aliases
Downstream
Published
2022-11-15T20:15:11Z
Modified
2025-10-15T14:14:21.884106Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References

Affected packages

Git / github.com/jenkinsci/junit-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/junit-plugin
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

1119.*

1119.va_a_5e9068da_d7

1143.*

1143.v8d9a_e3355270

1144.*

1144.v909f4d9978e8

1150.*

1150.v5c2848328b_60

1153.*

1153.v1c24f1a_d2553

1156.*

1156.vcf492e95a_a_b_0

1159.*

1159.v0b_396e1e07dd

junit-1.*

junit-1.0
junit-1.1
junit-1.10
junit-1.11
junit-1.12
junit-1.13
junit-1.14
junit-1.15
junit-1.16
junit-1.17
junit-1.18
junit-1.19
junit-1.2
junit-1.2-beta-1
junit-1.2-beta-2
junit-1.2-beta-3
junit-1.2-beta-4
junit-1.20
junit-1.21
junit-1.22
junit-1.22-beta-1
junit-1.22.1
junit-1.22.2
junit-1.23
junit-1.24
junit-1.25
junit-1.26
junit-1.26.1
junit-1.27
junit-1.28
junit-1.29
junit-1.3
junit-1.30
junit-1.31
junit-1.32
junit-1.33
junit-1.34
junit-1.35
junit-1.36
junit-1.37
junit-1.38
junit-1.39
junit-1.4
junit-1.40
junit-1.41
junit-1.42
junit-1.43
junit-1.44
junit-1.45
junit-1.46
junit-1.47
junit-1.48
junit-1.49
junit-1.5
junit-1.50
junit-1.51
junit-1.52
junit-1.53
junit-1.53.1
junit-1.54
junit-1.55
junit-1.56
junit-1.57
junit-1.58
junit-1.59
junit-1.6
junit-1.60
junit-1.61
junit-1.62
junit-1.63
junit-1.64
junit-1.7
junit-1.8
junit-1.9

Other

next
untagged-5894d25928dffc9e1c74

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2022-45380-1f0b7778",
        "digest": {
            "function_hash": "38294456350444789013210639004402907239",
            "length": 302.0
        },
        "target": {
            "function": "annotate",
            "file": "src/main/java/hudson/tasks/test/TestResult.java"
        }
    },
    {
        "source": "https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8",
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2022-45380-21d9a6d1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "2225401747299320852080542399052709805",
                "99249616740815944559024538286290614722",
                "33943821901500803482902317084357399668",
                "134959686665864286334375638333516063018",
                "335464968731219873310029178275645702998"
            ]
        },
        "target": {
            "file": "src/main/java/hudson/tasks/test/TestResult.java"
        }
    },
    {
        "source": "https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2022-45380-4d26b284",
        "digest": {
            "function_hash": "330100818296320259612808637477993308494",
            "length": 1695.0
        },
        "target": {
            "function": "testIssue20090516",
            "file": "src/test/java/hudson/tasks/junit/CaseResultTest.java"
        }
    },
    {
        "source": "https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8",
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "id": "CVE-2022-45380-f1b6f3c6",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "target": {
            "file": "src/test/java/hudson/tasks/junit/CaseResultTest.java"
        }
    }
]