CVE-2022-43409
MEDIUMJenkins Pipeline: Supporting APIs Plugin <838.va_3a_087b_4055b - XSS
Title source: llmDescription
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/10/19/3
Scores
CVSS v3
5.4
EPSS
0.0437
EPSS Percentile
89.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
jenkins/pipeline\
< 838.va_3a_087b_4055b
org.jenkins-ci.plugins.workflow/workflow-support
0 - 839.v35e2736cfd5cMaven
Published
Oct 19, 2022
Tracked Since
Feb 18, 2026