{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45380", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "dateUpdated": "2023-10-24T14:26:09.402Z", "dateReserved": "2022-11-14T00:00:00", "datePublished": "2022-11-15T00:00:00"}, "containers": {"cna": {"affected": [{"product": "Jenkins JUnit Plugin", "vendor": "Jenkins project", "versions": [{"lessThanOrEqual": "1159.v0b_396e1e07dd", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "unaffected", "version": "1143.1145.v81b_b_9579a_019"}, {"status": "unaffected", "version": "1119.1122.v750e65d31b_db_"}]}], "descriptions": [{"lang": "en", "value": "Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T14:26:09.402Z"}, "references": [{"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888"}, {"name": "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:junit:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "E137721C-4918-4CB2-A524-5AAAF4B16756", "versionEndExcluding": "1160.vf1f01a_a_ea_b_7f", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."}, {"lang": "es", "value": "Jenkins JUnit Plugin 1159.v0b_396e1e07dd y versiones anteriores convierten las URL HTTP(S) en la salida del informe de prueba en enlaces en los que se puede hacer clic de manera insegura, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) almacenada que pueden explotar los atacantes con permiso Item/Configure."}], "id": "CVE-2022-45380", "lastModified": "2023-11-22T04:23:52.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-15T20:15:11.480", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}