Cross-Site Scripting Vulnerability in Jenkins TestNG Results Plugin
CVE-2022-34778

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Testng Results Plugin
Vendor: CVE Published:; 30 June 2022

What is CVE-2022-34778?

The TestNG Results Plugin for Jenkins, version 554.va4a552116332 and earlier, is susceptible to a cross-site scripting (XSS) vulnerability. This issue arises when unescaped test descriptions and exception messages are rendered in job results, particularly when specific job-level options are enabled. Attackers with the ability to configure jobs or manipulate test outcomes could exploit this weakness to inject malicious scripts, potentially compromising the integrity of the application and affecting users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins TestNG Results Plugin <= 554.va4a552116332

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECU...

x_refsource_CONFIRM

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 30, 2022
Vulnerability Reserved
Jun 29, 2022

JSON

Jenkins