Description
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2332
Related Vulnerabilities
CVE-2012-0818 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxb-provider
CVE-2018-6341 Vulnerability in maven package org.webjars.bowergithub.vuejs:vue
CVE-2022-25179 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-multibranch
CVE-2021-21661 Vulnerability in maven package org.jenkins-ci.plugins:kubernetes-cli