
CVE-2022-28149: Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin

CVSS Score: 8.0 (CVSS 3.1)

Basic Information

EPSS Score: 0.96573%
Published: 3/30/2022
Updated: 2/2/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Package Name                        Ecosystem   Vulnerable Versions   First Patched Version
com.synopsys.jenkinsci:ownership    maven       <= 0.13.0             (none listed)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from the plugin not escaping the names of secondary owners before rendering them into a page. A user with Item/Configure permission can store a name containing HTML or script on a job, and it executes in the browser of anyone who later views a page that displays that name; this is why the vector carries PR:L (a low-privileged configuring user) and UI:R (a victim has to open the page). The functions that store, handle, or display these names are the likely vulnerable locations. Without specific patch details, this is inferred from the vulnerability description and typical stored XSS patterns rather than from the plugin's source.
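As an added illustration that is not the plugin's own code, the Java sketch below models the pattern described above next to its hardened form: a list of stored secondary-owner names is rendered into the HTML of a view, once verbatim (the vulnerable pattern) and once HTML-escaped. The class, method and field names and the sample owner name are constructed for this example and are not taken from the plugin.

```java
import java.util.List;

/**
 * Added example, not code from the Jenkins Job and Node ownership Plugin.
 * Models how a stored secondary-owner name reaches the markup of a view, and
 * the escaping that stops injected markup from being interpreted.
 */
public class OwnerNameEscapeDemo {

    /** Constructed sample: a name an Item/Configure user could store on a job. */
    static final String MALICIOUS_OWNER = "bob<img src=x onerror=alert(document.cookie)>";

    /** Vulnerable pattern: the stored name is concatenated into markup as-is. */
    static String renderUnescaped(List<String> secondaryOwners) {
        StringBuilder html = new StringBuilder("<ul class=\"secondary-owners\">");
        for (String owner : secondaryOwners) {
            html.append("<li>").append(owner).append("</li>");
        }
        return html.append("</ul>").toString();
    }

    /** Hardened pattern: every owner name is HTML-escaped before it is emitted. */
    static String renderEscaped(List<String> secondaryOwners) {
        StringBuilder html = new StringBuilder("<ul class=\"secondary-owners\">");
        for (String owner : secondaryOwners) {
            html.append("<li>").append(escapeHtml(owner)).append("</li>");
        }
        return html.append("</ul>").toString();
    }

    /**
     * Escapes the five characters that change meaning in HTML text and
     * attribute context. Illustrative helper only; a real plugin should use
     * the escaping Jenkins already provides (see the note after this block).
     */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Check usable in a unit test: does a tag from the stored input survive into the page? */
    static boolean containsInjectedTag(String html) {
        return html.contains("<img");
    }

    public static void main(String[] args) {
        List<String> owners = List.of("alice", MALICIOUS_OWNER);
        String vulnerable = renderUnescaped(owners);
        String fixed = renderEscaped(owners);
        System.out.println("unescaped render: " + vulnerable);
        System.out.println("escaped render:   " + fixed);
        System.out.println("payload survives unescaped render: " + containsInjectedTag(vulnerable));
        System.out.println("payload survives escaped render:   " + containsInjectedTag(fixed));
    }
}
```

In a real Jenkins plugin the fix is not a hand-written escaper: Jelly views should emit the name through the default-escaped `${...}` expression rather than a raw `<j:out>`, and Java code that builds markup itself should go through the core helper `hudson.Util.escape`. Because no patched version is listed on this page, treat every install at 0.13.0 or earlier as affected and review each view or API that renders secondary-owner names, not only the one where the problem was first noticed.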


WAF Protection Rules

WAF Rule

Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
