Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-38664

UNKNOWN
Published 2022-08-23T16:45:31
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-38664. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins project

Jenkins Job Configuration History Plugin

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Cross-site Scripting in Jenkins Job Configuration History Plugin

GHSA-28w4-h56g-grg7

Advisory Details

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.

Affected Packages

Maven org.jenkins-ci.plugins:jobConfigHistory
ECOSYSTEM: ≥0 <1166.vc9f255f45b

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-38664
WEB https://github.com/jenkinsci/job-config-history-plugin/commit/c9f255f45b8a6ed008d66be094526adfd80ca035
PACKAGE https://github.com/jenkinsci/job-config-history-plugin
WEB https://www.jenkins.io/security/advisory/2022-08-23/#SECURITY-2765
WEB http://www.openwall.com/lists/oss-security/2022/08/23/2

Advisory provided by GitHub Security Advisory Database. Published: August 24, 2022, Modified: November 28, 2022

References

https://www.jenkins.io/security/advisory/2022-08-23/#SECURITY-2765
http://www.openwall.com/lists/oss-security/2022/08/23/2
Published: 2022-08-23T16:45:31
Last Modified: 2024-08-03T11:02:14.355Z
Copied to clipboard!