
CVE-2022-30965: Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types

CVSS Score: 8 (CVSS v3.1)

Basic Information

EPSS Score: 0.96652%
Published: 5/18/2022
Updated: 1/28/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Package Name                                   Ecosystem  Vulnerable Versions  First Patched Version
org.jenkins-ci.plugins:promoted-builds-simple  maven      <= 1.9

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The vulnerability arises because the plugin does not properly escape the 'name' and 'description' fields of Promotion Level parameters when rendering them in views (e.g., the 'Build With Parameters' or 'Parameters' pages). The advisory does not provide code-level details (commit diffs, patch information, or file paths), so the exact Java functions cannot be identified with high confidence. The root cause likely lies in the Jelly view templates (*.jelly files) that render these parameters, where output escaping is omitted (e.g., ${parameter.name} is used instead of ${parameter.name?html}). Because no code is provided, no specific Java functions can be pinpointed with high certainty.

Vulnerable functions


WAF Protection Rules

WAF Rule

Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters. This results in stored cross-site scripting (XSS) vulnerabilities exploitable by attackers
