Home > Vulnerability Database > CVE-2022-46686

Mend.io Vulnerability Database

CVE-2022-46686

Good to know:

Date: December 6, 2022

Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.

Language: Java

Severity Score

5.4

Related Resources (5)

Url: https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2810

Url: https://github.com/jenkinsci/custom-build-properties-plugin

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-46686

Url: https://github.com/jenkinsci/custom-build-properties-plugin/commit/ff4e27181389955cbb051c1c91f0c85c6adbced0

Url: https://www.mend.io/vulnerability-database/CVE-2022-46686

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version io.jenkins.plugins:custom-build-properties:2.82.v16d5b

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-46686

Good to know:

Date: December 6, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?