Description
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2332
Related Vulnerabilities
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:tomcat-jasper
CVE-2022-34210 Vulnerability in maven package org.jenkins-ci.plugins:threadfix
CVE-2022-34207 Vulnerability in maven package org.jenkins-ci.plugins:beaker-builder