Cross-Site Scripting Vulnerability in Jenkins TestNG Results Plugin
CVE-2022-34778

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Testng Results Plugin
Vendor: CVE Published:; 30 June 2022

Summary

The TestNG Results Plugin for Jenkins, version 554.va4a552116332 and earlier, is susceptible to a cross-site scripting (XSS) vulnerability. This issue arises when unescaped test descriptions and exception messages are rendered in job results, particularly when specific job-level options are enabled. Attackers with the ability to configure jobs or manipulate test outcomes could exploit this weakness to inject malicious scripts, potentially compromising the integrity of the application and affecting users.

Affected Version(s)

Jenkins TestNG Results Plugin <= 554.va4a552116332

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 30, 2022
Vulnerability Reserved
Jun 29, 2022