CVE-2022-45382

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins/naginator

Identifiers

GHSA-h8hf-hxx6-5g6v, CVE-2022-45382

Package Slug

maven/org.jenkins-ci.plugins/naginator

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins Naginator Plugin 1.18.1 and earlier does not escape the display names of source builds in builds that were triggered via the Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.

Affected Versions

All versions up to 1.18.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-11-22
