Description
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-7357 | Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names. |
Github GHSA |
GHSA-h8hf-hxx6-5g6v | Cross-site Scripting in Jenkins Naginator Plugin |
References
History
Wed, 30 Apr 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2025-04-30T14:09:30.595Z
Reserved: 2022-11-14T00:00:00.000Z
Link: CVE-2022-45382
Updated: 2024-08-03T14:09:57.136Z
Status : Modified
Published: 2022-11-15T20:15:11.647
Modified: 2026-06-17T05:09:55.730
Link: CVE-2022-45382
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA