Lucene search

GitHub Advisory DatabaseGHSA-P86X-75J8-W4XH

HistoryDec 12, 2022 - 9:30 a.m.

Stored XSS vulnerability in Jenkins Checkmarx Plugin

2022-12-1209:30:35

CWE-79

GitHub Advisory Database

github.com

xss

checkmarx

jenkins

vulnerability

html reports

security

api

cross-site scripting

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.5%

JSON

heckmarx Plugin processes Checkmarx service API responses and generates HTML reports from them for rendering on the Jenkins UI.

Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports. This results in a stored cross-site scripting (XSS) vulnerability.

While Jenkins users without Overall/Administer permission are not allowed to configure the URL to the Checkmarx service, this could still be exploited via man-in-the-middle attacks.

Checkmarx Plugin 2022.4.3 escapes values returned from the Checkmarx service API before inserting them into HTML reports.

Affected configurations

Vulners

Node

com.checkmarx.jenkins\Matchcheckmarx

CPENameOperatorVersion
com.checkmarx.jenkins:checkmarxle2022.3.3

CPE	Name	Operator	Version
	com.checkmarx.jenkins:checkmarx	le	2022.3.3

References

github.com/advisories/GHSA-p86x-75j8-w4xh

nvd.nist.gov/vuln/detail/CVE-2022-46684

www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2869