CVE-2022-34778

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins/testng-plugin

Identifiers

GHSA-8hv7-4vfc-w8pg, CVE-2022-34778

Package Slug

maven/org.jenkins-ci.plugins/testng-plugin

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results.

Affected Versions

All versions up to 554.va4a552116332

Solution

Upgrade to version 555.va0d5f66521e3 or above.

Last Modified

2022-07-26

source