{
  "threat_severity" : "Important",
  "public_date" : "2022-11-15T00:00:00Z",
  "bugzilla" : {
    "description" : "jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin",
    "id" : "2143086",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2143086"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.", "A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTP(S) URLs in test report output to clickable links, which leads to a stored Cross-site scripting (XSS) attack." ],
  "statement" : "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4.10",
    "release_date" : "2023-02-08T00:00:00Z",
    "advisory" : "RHSA-2023:0560",
    "cpe" : "cpe:/a:redhat:openshift:4.10::el8",
    "package" : "jenkins-2-plugins-0:4.10.1675144701-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.9",
    "release_date" : "2023-02-23T00:00:00Z",
    "advisory" : "RHSA-2023:0777",
    "cpe" : "cpe:/a:redhat:openshift:4.9::el8",
    "package" : "jenkins-2-plugins-0:4.9.1675668922-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Developer Tools and Services",
    "fix_state" : "Affected",
    "package_name" : "jenkins-2-plugins",
    "cpe" : "cpe:/a:redhat:ocp_tools"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Out of support scope",
    "package_name" : "jenkins-2-plugins",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-45380\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45380\nhttps://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888" ],
  "name" : "CVE-2022-45380",
  "csaw" : false
}