Lucene search
GitHub Advisory DatabaseGHSA-CHCG-GH9P-96C5HistoryNov 16, 2022 - 12:00 p.m.
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
2022-11-1612:00:23
CWE-79
GitHub Advisory Database
github.com
10
jenkins
associated files plugin
cross-site scripting
xss
vulnerability
attackers
permission
software
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
33.3%
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Currently, there are no known workarounds or patches.
Affected configurations
Node
org.jenkins-ci.mainassociated-files-pluginRange≤0.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.jenkins-ci.main | associated-files-plugin | * | cpe:2.3:a:org.jenkins-ci.main:associated-files-plugin:*:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2022-11-15 20:15:00
cve
cve
CVE-2022-45401
2022-11-15 20:15:15
cvelist
cvelist
CVE-2022-45401
2022-11-15 00:00:00
osv
osv
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
2022-11-16 12:00:23
nvd
nvd
CVE-2022-45401
2022-11-15 20:15:15
nessus
nessus
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
33.3%
Related for GHSA-CHCG-GH9P-96C5