CVE-2022-45380

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-45380
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45380.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45380
Published
2022-11-15T20:15:11Z
Modified
2025-10-10T04:19:03.422670Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References

Affected packages

Git / github.com/jenkinsci/junit-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/junit-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1119.*

1119.va_a_5e9068da_d7

1143.*

1143.v8d9a_e3355270

1144.*

1144.v909f4d9978e8

1150.*

1150.v5c2848328b_60

1153.*

1153.v1c24f1a_d2553

1156.*

1156.vcf492e95a_a_b_0

1159.*

1159.v0b_396e1e07dd

junit-1.*

junit-1.0
junit-1.1
junit-1.10
junit-1.11
junit-1.12
junit-1.13
junit-1.14
junit-1.15
junit-1.16
junit-1.17
junit-1.18
junit-1.19
junit-1.2
junit-1.2-beta-1
junit-1.2-beta-2
junit-1.2-beta-3
junit-1.2-beta-4
junit-1.20
junit-1.21
junit-1.22
junit-1.22-beta-1
junit-1.22.1
junit-1.22.2
junit-1.23
junit-1.24
junit-1.25
junit-1.26
junit-1.26.1
junit-1.27
junit-1.28
junit-1.29
junit-1.3
junit-1.30
junit-1.31
junit-1.32
junit-1.33
junit-1.34
junit-1.35
junit-1.36
junit-1.37
junit-1.38
junit-1.39
junit-1.4
junit-1.40
junit-1.41
junit-1.42
junit-1.43
junit-1.44
junit-1.45
junit-1.46
junit-1.47
junit-1.48
junit-1.49
junit-1.5
junit-1.50
junit-1.51
junit-1.52
junit-1.53
junit-1.53.1
junit-1.54
junit-1.55
junit-1.56
junit-1.57
junit-1.58
junit-1.59
junit-1.6
junit-1.60
junit-1.61
junit-1.62
junit-1.63
junit-1.64
junit-1.7
junit-1.8
junit-1.9

Other

next
untagged-5894d25928dffc9e1c74

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2022-45380-1f0b7778",
            "digest": {
                "length": 302.0,
                "function_hash": "38294456350444789013210639004402907239"
            },
            "target": {
                "function": "annotate",
                "file": "src/main/java/hudson/tasks/test/TestResult.java"
            },
            "source": "https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-45380-21d9a6d1",
            "digest": {
                "line_hashes": [
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/main/java/hudson/tasks/test/TestResult.java"
            },
            "source": "https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-45380-4d26b284",
            "digest": {
                "length": 1695.0,
                "function_hash": "330100818296320259612808637477993308494"
            },
            "target": {
                "function": "testIssue20090516",
                "file": "src/test/java/hudson/tasks/junit/CaseResultTest.java"
            },
            "source": "https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-45380-f1b6f3c6",
            "digest": {
                "line_hashes": [
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/test/java/hudson/tasks/junit/CaseResultTest.java"
            },
            "source": "https://github.com/jenkinsci/junit-plugin/commit/f1f01aaeab7fa35017112f6163b89283390f5da8",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        }
    ]
}