QwikSec

Security Database

CVE

CWE

Training

CVE-2022-28145

Published: Mar 29, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.

Vendor	Product	Versions
Jenkins project	Jenkins Continuous Integration with Toad Edge Plugin	affected `unspecified - <= 2.3`

References

https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-1892

x_refsource_CONFIRM

[oss-security] 20220329 Multiple vulnerabilities in Jenkins plugins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.