Lucene search
GoogleOSV:GHSA-6G4R-Q7QG-6QX6HistoryJun 24, 2022 - 12:00 a.m.
Cross-site Scripting vulnerability in Jenkins
2022-06-2400:00:31
Google
osv.dev
9
0.001 Low
EPSS
Percentile
22.0%
Since Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name.
This vulnerability is known to be exploitable by attackers with Job/Configure permission.
Jenkins 2.356 addresses this vulnerability. The tooltip of the build button in list views is now escaped.
No Jenkins LTS release is affected by SECURITY-2776 or SECURITY-2780, as these were not present in Jenkins 2.332.x and fixed in the 2.346.x line before 2.346.1.
Related
alpinelinux
alpinelinux
CVE-2022-34173
2022-06-23 17:15:15
cve
cve
CVE-2022-34173
2022-06-23 17:15:15
cnvd
cnvd
Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-65927)
2022-06-27 00:00:00
nvd
nvd
CVE-2022-34173
2022-06-23 17:15:15
prion
prion
Cross site scripting
2022-06-23 17:15:00
osv
osv
BIT-jenkins-2022-34173
2024-03-06 10:57:32
CVE-2022-34173
2022-06-23 17:15:15
cvelist
cvelist
CVE-2022-34173
2022-06-22 14:40:54
github
github
Cross-site Scripting vulnerability in Jenkins
2022-06-24 00:00:31
redhatcve
redhatcve
CVE-2022-34173
2022-08-19 05:15:02
veracode
veracode
Cross-site Scripting (XSS)
2022-08-20 09:48:13
openvas
openvas
freebsd
freebsd
jenkins -- multiple vulnerabilities
2022-06-22 00:00:00
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (25be46f0-f25d-11ec-b62a-00e081b7aa2d)
2022-06-23 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
2022-07-15 00:00:00