CVE-2022-34172

Опубликовано: 22 июн. 2022

Источник: redhat

CVSS3: 6.1

Описание

In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.

Отчет

This vulnerability affects the Jenkins 2.340 through 2.355 (both inclusive). Red Hat products use Jenkins version 2.319 which is NOT affected by this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.11	jenkins	Not affected
Red Hat OpenShift Container Platform 4	jenkins	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=2119650Jenkins: Cross-site scripting (XSS) vulnerability in Jenkins LTS

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2022-34172

CVSS3: 5.4

nvd

больше 3 лет назад

In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.

CVE-2022-34172

CVSS3: 5.4

debian

больше 3 лет назад

In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons une ...

GHSA-mhp7-3393-pfqr

CVSS3: 8

github

больше 3 лет назад

Cross-site Scripting vulnerability in Jenkins

6.1 Medium

CVSS3