Lucene search
GoogleOSV:GHSA-FJPM-HF7C-XGC2HistoryJan 13, 2022 - 12:00 a.m.
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
2022-01-1300:00:54
Google
osv.dev
4
0.001 Low
EPSS
Percentile
22.0%
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
References
www.openwall.com/lists/oss-security/2022/01/12/6
github.com/jenkinsci/publish-over-ssh-plugin
github.com/jenkinsci/publish-over-ssh-plugin/commit/edf4e981684326d371200541d440d26b141b269e
github.com/jenkinsci/publish-over-ssh-plugin/releases/tag/publish-over-ssh-1.23
nvd.nist.gov/vuln/detail/CVE-2022-23110
www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287
Related
cnvd
cnvd
Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-05039)
2022-01-16 00:00:00
github
github
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
2022-01-13 00:00:54
cve
cve
CVE-2022-23110
2022-01-12 20:15:09
osv
osv
CVE-2022-23110
2022-01-12 20:15:09
nvd
nvd
CVE-2022-23110
2022-01-12 20:15:09
prion
prion
Cross site scripting
2022-01-12 20:15:00
cvelist
cvelist
CVE-2022-23110
2022-01-12 19:06:11
nessus
nessus
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
2022-01-21 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
2022-01-21 00:00:00