Lucene search
PRIOn knowledge basePRION:CVE-2022-34170HistoryJun 23, 2022 - 5:15 p.m.
Cross site scripting
2022-06-2317:15:00
PRIOn knowledge base
www.prio-n.com
5
0.001 Low
EPSS
Percentile
22.0%
In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Related
cvelist
cvelist
CVE-2022-34170
2022-06-22 14:40:50
osv
osv
BIT-jenkins-2022-34170
2024-03-06 10:58:03
CVE-2022-34170
2022-06-23 17:15:15
Cross-site Scripting vulnerability in Jenkins
2022-06-24 00:00:31
alpinelinux
alpinelinux
CVE-2022-34170
2022-06-23 17:15:15
redhatcve
redhatcve
CVE-2022-34170
2022-08-19 05:14:33
openvas
openvas
nvd
nvd
CVE-2022-34170
2022-06-23 17:15:15
cve
cve
CVE-2022-34170
2022-06-23 17:15:15
github
github
Cross-site Scripting vulnerability in Jenkins
2022-06-24 00:00:31
cnvd
cnvd
Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-65924)
2022-06-27 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-08-20 09:46:18
freebsd
freebsd
jenkins -- multiple vulnerabilities
2022-06-22 00:00:00
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (25be46f0-f25d-11ec-b62a-00e081b7aa2d)
2022-06-23 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
2022-07-15 00:00:00