GHSA-28w4-h56g-grg7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-28w4-h56g-grg7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-28w4-h56g-grg7/GHSA-28w4-h56g-grg7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-28w4-h56g-grg7
- Aliases
-
- CVE-2022-38664
- Published
- 2022-08-24T00:00:28Z
- Modified
- 2024-02-16T08:16:28.848621Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in Jenkins Job Configuration History Plugin
- Details
-
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
- Database specific
{ "nvd_published_at": "2022-08-23T17:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-11-28T22:08:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-38664
- https://github.com/jenkinsci/job-config-history-plugin/commit/c9f255f45b8a6ed008d66be094526adfd80ca035
- https://github.com/jenkinsci/job-config-history-plugin
- https://www.jenkins.io/security/advisory/2022-08-23/#SECURITY-2765
- http://www.openwall.com/lists/oss-security/2022/08/23/2
Affected packages
Maven / org.jenkins-ci.plugins:jobConfigHistory
Package
- Name
- org.jenkins-ci.plugins:jobConfigHistory
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/jobConfigHistory
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1166.vc9f255f45b
Affected versions
1.*
1.10
1.11
1.12
1.13
2.*
2.0
2.1
2.1.1
2.2
2.3
2.4
2.5
2.6
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.18.1
2.18.2
2.18.3
2.19
2.20
2.21
2.22
2.23
2.23.1
2.24
2.25
2.26
2.27
2.28
2.28.1
2.29-rc1073.41ef89cf4e15
2.29
2.30
2.31-rc1092.de9e11acbcf3
2.31-rc1098.b666422863b2
2.31-rc1107.2354f08725a_8
2.31-rc1118.fdcd7d8898ff
1119.*
1119.v509e1017356b_
1133.*
1133.v0f5420f85053
1139.*
1139.v888b_656ca_f6d
1146.*
1146.v94c2521f9213
1148.*
1148.v8607da_ef251e
1155.*
1155.v28a_46a_cc06a_5
1156.*
1156.v536a_97b_8d649
1163.*
1163.ve82c7c6e60a_3
1165.*
1165.v8cc9fd1f4597