CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References

Affected packages

Git / github.com/jenkinsci/junit-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/junit-plugin

Events

Introduced

Fixed

f1f01aaeab7fa35017112f6163b89283390f5da8

Database specific

{
    "cpe": "cpe:2.3:a:jenkins:junit:*:*:*:*:*:jenkins:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1160.vf1f01a_a_ea_b_7f"
        }
    ]
}

Affected versions

1119.*

1119.va_a_5e9068da_d7

1143.*

1143.v8d9a_e3355270

1144.*

1144.v909f4d9978e8

1150.*

1150.v5c2848328b_60

1153.*

1153.v1c24f1a_d2553

1156.*

1156.vcf492e95a_a_b_0

1159.*

1159.v0b_396e1e07dd

junit-1.*

junit-1.0

junit-1.1

junit-1.10

junit-1.11

junit-1.12

junit-1.13

junit-1.15

junit-1.16

junit-1.17

junit-1.18

junit-1.19

junit-1.2

junit-1.2-beta-1

junit-1.2-beta-2

junit-1.2-beta-3

junit-1.2-beta-4

junit-1.20

junit-1.21

junit-1.22

junit-1.22-beta-1

junit-1.22.1

junit-1.22.2

junit-1.23

junit-1.24

junit-1.25

junit-1.26

junit-1.26.1

junit-1.27

junit-1.28

junit-1.29

junit-1.3

junit-1.30

junit-1.31

junit-1.32

junit-1.33

junit-1.34

junit-1.35

junit-1.36

junit-1.37

junit-1.38

junit-1.39

junit-1.4

junit-1.40

junit-1.41

junit-1.42

junit-1.43

junit-1.44

junit-1.45

junit-1.46

junit-1.47

junit-1.48

junit-1.49

junit-1.5

junit-1.50

junit-1.51

junit-1.52

junit-1.53

junit-1.53.1

junit-1.54

junit-1.55

junit-1.56

junit-1.57

junit-1.58

junit-1.59

junit-1.6

junit-1.60

junit-1.61

junit-1.62

junit-1.63

junit-1.64

junit-1.7

junit-1.8

junit-1.9

Other

untagged-5894d25928dffc9e1c74

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45380.json"