Vulnerability details: VCID-73th-g3mx-dqf1
Vulnerability ID VCID-73th-g3mx-dqf1
Aliases CVE-2022-43409
GHSA-64r9-x74q-wxmh
Summary Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build after aborting it. Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines. Pipeline: Supporting APIs Plugin 839.v35e2736cfd5c properly encodes URLs of these hyperlinks in build logs.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3 5.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43409.json
epss 0.04168 https://api.first.org/data/v1/epss?cve=CVE-2022-43409
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-64r9-x74q-wxmh
cvssv3.1 8.0 https://github.com/jenkinsci/workflow-support-plugin
generic_textual HIGH https://github.com/jenkinsci/workflow-support-plugin
cvssv3.1 8.0 https://github.com/jenkinsci/workflow-support-plugin/commit/35e2736cfd5c56799eece176328906d92b6a0dd1
generic_textual HIGH https://github.com/jenkinsci/workflow-support-plugin/commit/35e2736cfd5c56799eece176328906d92b6a0dd1
cvssv3.1 8.0 https://nvd.nist.gov/vuln/detail/CVE-2022-43409
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-43409
cvssv3.1 5.4 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881
cvssv3.1 8.0 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881
generic_textual HIGH https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881
ssvc Track https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881
cvssv3.1 5.4 http://www.openwall.com/lists/oss-security/2022/10/19/3
cvssv3.1 8.0 http://www.openwall.com/lists/oss-security/2022/10/19/3
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/10/19/3
ssvc Track http://www.openwall.com/lists/oss-security/2022/10/19/3
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43409.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/jenkinsci/workflow-support-plugin
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/jenkinsci/workflow-support-plugin/commit/35e2736cfd5c56799eece176328906d92b6a0dd1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-43409
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:24:01Z/ Found at https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2022/10/19/3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2022/10/19/3
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:24:01Z/ Found at http://www.openwall.com/lists/oss-security/2022/10/19/3
Exploit Prediction Scoring System (EPSS)
Percentile 0.88645
EPSS Score 0.04168
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:05:03.578409+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-64r9-x74q-wxmh/GHSA-64r9-x74q-wxmh.json 38.0.0