Bug 2074851 (CVE-2022-29046)
Summary: | CVE-2022-29046 subversion: Stored XSS vulnerabilities in Jenkins subversion plugin | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | abenaiss, aos-bugs, bmontgom, eparis, jburrell, jokerman, nstielau, pbhattac, spandura, sponnaga, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | subversion plugin 2.15.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Jenkins Subversion plugin. The plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This results in a stored cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission.
|
Last Closed: | 2022-05-31 09:14:04 UTC | Type: | --- |
Bug Depends On: | 2064010, 2076249, 2076250, 2076251, 2076252, 2076253, 2076254, 2079307 | ||
Bug Blocks: | 2074888 |
Description
Avinash Hanwate
2022-04-13 09:11:36 UTC
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9. Via RHSA-2022:2205 https://access.redhat.com/errata/RHSA-2022:2205

This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11. Via RHSA-2022:2280 https://access.redhat.com/errata/RHSA-2022:2280

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-29046

This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7. Via RHSA-2022:4909 https://access.redhat.com/errata/RHSA-2022:4909

This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6. Via RHSA-2022:4947 https://access.redhat.com/errata/RHSA-2022:4947