Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-64mj-3p92-589v

GitHub Security Advisory

Cross-site Scripting in Jenkins JUnit Plugin

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptions of test results.

Affected Packages

Maven org.jenkins-ci.plugins:junit
Affected versions: 0 (fixed in 1119.1121.vc43d0fc45561)

Related CVEs

CVE-2022-34176

Key Information

GHSA ID
GHSA-64mj-3p92-589v
Published
June 24, 2022 12:00 AM
Last Modified
December 5, 2022 11:29 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:junit
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.