Stored Cross-Site Scripting Vulnerability in Jenkins Checkmarx Plugin by Jenkins
CVE-2022-46684

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Checkmarx Plugin
Vendor: CVE Published:; 12 December 2022

Summary

The Jenkins Checkmarx Plugin prior to version 2022.3.3 is susceptible to a stored cross-site scripting (XSS) vulnerability. This occurs when values retrieved from the Checkmarx service API are not properly escaped before being rendered in HTML reports. If an attacker exploits this vulnerability, they can inject malicious scripts, compromising the security of the Jenkins environment and potentially affecting users who view the reports.

Affected Version(s)

Jenkins Checkmarx Plugin <= 2022.3.3

References

https://www.jenkins.io/security/advisory/2022-12-07/#SECU...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 12, 2022
Vulnerability Reserved
Dec 6, 2022