1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-2332

[JENKINS:SECURITY-2332] Stored XSS vulnerability in `rich-text-publisher-plugin`

Severity High
Affected Packages 2
CVEs 1
Info Packages References Vulnerabilities

rich-text-publisher-plugin 1.4 and earlier does not escape the HTML message set by its post-build step.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

As of publication of this advisory, there is no fix.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/rich-text-publisher-plugin <= 1.4
pkg:github/jenkinsci/rich-text-publisher-plugin-plugin <= 1.4
ID
JENKINS:SECURITY-2332
Severity
high
Published
2022-06-30T00:00:00
(2 years ago)
Modified
2022-06-30T00:00:00
(2 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository rich-text-publisher-plugin repository https://github.com/jenkinsci/rich-text-publisher-plugin-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/rich-text-publisher-plugin org.jenkins-ci.plugins rich-text-publisher-plugin <= 1.4
Affected pkg:github/jenkinsci/rich-text-publisher-plugin-plugin jenkinsci rich-text-publisher-plugin-plugin <= 1.4
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date