Stored Cross-Site Scripting in Jenkins Contrast Continuous Application Security Plugin
CVE-2022-43420
5.4MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 19 October 2022
What is CVE-2022-43420?
The Jenkins Contrast Continuous Application Security Plugin versions up to 3.9 exhibits a vulnerability where it fails to properly escape data returned from the Contrast service. This oversight allows for stored cross-site scripting (XSS) attacks that can be exploited by attackers who have the ability to manipulate the responses from the Contrast service API. When users generate reports, the unescaped data can lead to executed scripts, potentially compromising user interactions and sensitive information.
Affected Version(s)
Jenkins Contrast Continuous Application Security Plugin <= 3.9