CVE-2022-43409: 
Java vulnerability analysis and mitigation

CVE-2022-43409 is a stored cross-site scripting (XSS) vulnerability discovered in Jenkins Pipeline: Supporting APIs Plugin versions 838.va3a087b_4055b and earlier. The vulnerability was disclosed on October 19, 2022, affecting the Jenkins automation server's Pipeline Supporting APIs Plugin. This security issue impacts the plugin's functionality that adds hyperlinks to build logs (Jenkins Advisory).

The vulnerability exists because the Pipeline: Supporting APIs Plugin does not properly sanitize or encode URLs of hyperlinks that send POST requests in build logs. These hyperlinks are used by Pipeline: Input Step Plugin to allow users to proceed or abort builds, or by Pipeline: Job Plugin to allow users to forcibly terminate builds after aborting them. The vulnerability has been assigned a severity rating of High according to the CVSS scoring system (Jenkins Advisory).

The vulnerability results in a stored cross-site scripting (XSS) vulnerability that can be exploited by attackers who have the ability to create Pipelines. This could potentially allow malicious actors to execute arbitrary JavaScript code in the context of other users' browsers when they view affected build logs (Jenkins Advisory).

The vulnerability has been fixed in Pipeline: Supporting APIs Plugin version 839.v35e2736cfd5c, which properly encodes URLs of hyperlinks in build logs. Users are advised to upgrade to this version or later to mitigate the vulnerability (Jenkins Advisory).