Lucene search
GoogleOSV:CVE-2022-34170HistoryJun 23, 2022 - 5:15 p.m.
CVE-2022-34170
2022-06-2317:15:15
Google
osv.dev
6
0.001 Low
EPSS
Percentile
22.0%
In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Related
cvelist
cvelist
CVE-2022-34170
2022-06-22 14:40:50
osv
osv
BIT-jenkins-2022-34170
2024-03-06 10:58:03
Cross-site Scripting vulnerability in Jenkins
2022-06-24 00:00:31
alpinelinux
alpinelinux
CVE-2022-34170
2022-06-23 17:15:15
redhatcve
redhatcve
CVE-2022-34170
2022-08-19 05:14:33
prion
prion
Cross site scripting
2022-06-23 17:15:00
openvas
openvas
nvd
nvd
CVE-2022-34170
2022-06-23 17:15:15
cve
cve
CVE-2022-34170
2022-06-23 17:15:15
github
github
Cross-site Scripting vulnerability in Jenkins
2022-06-24 00:00:31
cnvd
cnvd
Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-65924)
2022-06-27 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-08-20 09:46:18
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (25be46f0-f25d-11ec-b62a-00e081b7aa2d)
2022-06-23 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
2022-07-15 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2022-06-22 00:00:00