Stored Cross-Site Scripting Vulnerability in Jenkins Performance Publisher Plugin
CVE-2022-41229

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Ns-nd Integration Performance Publisher Plugin
Vendor: CVE Published:; 21 September 2022

Summary

The NS-ND Integration Performance Publisher Plugin for Jenkins, up to version 4.8.0.134, is susceptible to stored cross-site scripting due to improper handling of configuration options in the Execute NetStorm/NetCloud Test build step. This flaw allows attackers with Item/Configure permissions to inject malicious scripts that could be executed in the context of other users. As a result, sensitive information could be compromised, and mechanisms in place to safeguard user sessions may be circumvented.

Affected Version(s)

Jenkins NS-ND Integration Performance Publisher Plugin <= 4.8.0.134

References

https://www.jenkins.io/security/advisory/2022-09-21/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 21, 2022
Vulnerability Reserved
Sep 21, 2022