CVE-2022-34184

Опубликовано: 23 июн. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Средний

Описание

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Ссылки

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784
Vendor Advisory
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:crx_content_package_deployer:*:*:*:*:*:jenkins:*:*

Версия до 1.9 (включая)

EPSS

Процентиль: 97%

0.31598

Средний

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hc44-p2qq-cfm9

CVSS3: 8

github

больше 3 лет назад

Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin