CVE-2022-23110

2022-01-1220:15:09

Google

osv.dev

0.001 Low

EPSS

Percentile

22.0%

JSON

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

CPENameOperatorVersion
publish-over-ssh-plugineqpublish-over-ssh-0.8
publish-over-ssh-plugineqpublish-over-ssh-1.18
publish-over-ssh-plugineqpublish-over-ssh-1.14
publish-over-ssh-plugineqpublish-over-ssh-1.19
publish-over-ssh-plugineqpublish-over-ssh-0.12
publish-over-ssh-plugineqpublish-over-ssh-0.13
publish-over-ssh-plugineqpublish-over-ssh-1.3
publish-over-ssh-plugineqpublish-over-ssh-1.5
publish-over-ssh-plugineqpublish-over-ssh-0.6
publish-over-ssh-plugineqpublish-over-ssh-0.9

Name	Operator	Version
publish-over-ssh-plugin	eq	publish-over-ssh-0.8
publish-over-ssh-plugin	eq	publish-over-ssh-1.18
publish-over-ssh-plugin	eq	publish-over-ssh-1.14
publish-over-ssh-plugin	eq	publish-over-ssh-1.19
publish-over-ssh-plugin	eq	publish-over-ssh-0.12
publish-over-ssh-plugin	eq	publish-over-ssh-0.13
publish-over-ssh-plugin	eq	publish-over-ssh-1.3
publish-over-ssh-plugin	eq	publish-over-ssh-1.5
publish-over-ssh-plugin	eq	publish-over-ssh-0.6
publish-over-ssh-plugin	eq	publish-over-ssh-0.9