Lucene search
China National Vulnerability DatabaseCNVD-2022-66007HistoryJun 24, 2022 - 12:00 a.m.
Jenkins Maven Metadata for CI server Plugin Cross-Site Scripting Vulnerability
2022-06-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
jenkins
maven
metadata
ci server
plugin
cross-site scripting
vulnerability
javascript
attack
EPSS
0.001
Percentile
22.0%
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. a cross-site scripting vulnerability exists in Jenkins Maven Metadata for CI server Plugin version 2.1 and earlier. The vulnerability stems from a failure to escape the name and description of the List maven artifact versions parameter on the view where the parameter is displayed, which can be exploited by an attacker to execute JavaScript code on the client side.
Related
cvelist
cvelist
CVE-2022-34190
2022-06-22 14:41:21
prion
prion
Cross site scripting
2022-06-23 17:15:00
nvd
nvd
CVE-2022-34190
2022-06-23 17:15:16
cve
cve
CVE-2022-34190
2022-06-23 17:15:16
github
github
Cross-site Scripting in Jenkins Maven Metadata Plugin
2022-06-24 00:00:31
osv
osv
Cross-site Scripting in Jenkins Maven Metadata Plugin
2022-06-24 00:00:31
nessus
nessus
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.14 / 2.332.4.1 / 2.346.1.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-06-22)
2022-07-05 00:00:00
Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities
2022-07-15 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
2022-07-15 00:00:00