
CVE-2022-27212: Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin

CVSS Score (v3.1)
5.4

Basic Information

EPSS Score
0.96573%
Published
3/16/2022
Updated
10/27/2023
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package Name
org.jenkins-ci.plugins:list-git-branches-parameter
Ecosystem
maven
Vulnerable Versions
<= 0.0.9

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from two key factors: 1) the plugin fails to escape the parameter name during rendering, and 2) it explicitly disables the Jenkins security mechanism (introduced in 2.44/LTS 2.32.2) that would normally prevent XSS via unescaped parameter names. The advisory explicitly names the override of isAutoEscaped() to return false as the mechanism bypass. The view template that renders the parameter name is also involved, but the root cause is the escaping mechanism being disabled through this method. Confidence is high because the advisory specifically calls out this security mechanism bypass.
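The following is an added illustration of the defect described above; it is not code from the List Git Branches Parameter Plugin or from Jenkins core. The classes, the renderer and the review check are hypothetical stand-ins: only the idea of an isAutoEscaped() switch that the plugin overrides to false comes from the analysis, and the method is modelled locally rather than taken from the Jenkins API.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not the plugin's or Jenkins' own code. All names are hypothetical.
public class ParameterNameEscapingDemo {

    /** Minimal stand-in for a build-parameter definition. */
    static abstract class ParameterDefinitionModel {
        private final String name;

        ParameterDefinitionModel(String name) { this.name = name; }

        String getName() { return name; }

        /** Default: the renderer HTML-escapes the name (mirrors the hardened core behaviour). */
        boolean isAutoEscaped() { return true; }
    }

    /** Vulnerable shape: opts out of escaping, so the raw name reaches the page. */
    static final class VulnerableParameter extends ParameterDefinitionModel {
        VulnerableParameter(String name) { super(name); }

        @Override
        boolean isAutoEscaped() { return false; }
    }

    /** Hardened shape: keeps the default, so the name is escaped before rendering. */
    static final class HardenedParameter extends ParameterDefinitionModel {
        HardenedParameter(String name) { super(name); }
    }

    /** Escapes the five characters that matter in HTML text and attribute contexts. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Renders the parameter's label the way a view template would, honouring the escape switch. */
    static String renderLabel(ParameterDefinitionModel def) {
        String shown = def.isAutoEscaped() ? escapeHtml(def.getName()) : def.getName();
        return "<label>" + shown + "</label>";
    }

    /** Code-review style check: lists every definition type that disables auto-escaping. */
    static List<String> findUnescapedDefinitions(List<ParameterDefinitionModel> defs) {
        List<String> offenders = new ArrayList<>();
        for (ParameterDefinitionModel def : defs) {
            if (!def.isAutoEscaped()) {
                offenders.add(def.getClass().getSimpleName());
            }
        }
        return offenders;
    }

    public static void main(String[] args) {
        // Constructed sample: a parameter name that carries markup, as someone with
        // configure rights on a job could store in its definition.
        String name = "BRANCH <b>bold</b> & \"quoted\"";

        // Vulnerable: markup survives into the rendered page.
        System.out.println(renderLabel(new VulnerableParameter(name)));
        // Hardened: the same name is shown as inert text.
        System.out.println(renderLabel(new HardenedParameter(name)));

        List<ParameterDefinitionModel> defs = new ArrayList<>();
        defs.add(new VulnerableParameter("p1"));
        defs.add(new HardenedParameter("p2"));
        System.out.println("Definitions that disable auto-escaping: " + findUnescapedDefinitions(defs));
    }
}
```

The vulnerable rendering prints the name with the `<b>` tags intact, while the hardened one prints `&lt;b&gt;bold&lt;/b&gt; &amp; &quot;quoted&quot;`. The review check models the audit a maintainer would run across a plugin's parameter types: any override that switches auto-escaping off needs its own escaping in the view, or it should be removed.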

WAF Protection Rules

WAF Rule

Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git Branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permiss