CVE-2022-34176

Medium

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site…

jenkins·CWE-79·Published 2022-06-22

CVSS

5.4

EPSS

0.77

KEV

Exploits

cve.orgen

216 chars

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

NVDen

216 chars

OSV.deven

323 chars

JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.

GHSAen

323 chars

NVDes

258 chars

Jenkins JUnit Plugin versiones 1119.va_a_5e9068da_d7 y anteriores, no escapa a las descripciones de los resultados de las pruebas, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado, explotable por atacantes con permiso Run/Update

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
3.1	Primary	NVD	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.1	Secondary	GHSA	8.0	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H