Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-34173

Опубликовано: 22 июн. 2022
Источник: redhat
CVSS3: 6.1

Описание

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Отчет

This vulnerability affects the Jenkins 2.340 through 2.355 (both inclusive). Red Hat products use Jenkins version 2.319 which is NOT affected by this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11jenkinsNot affected
Red Hat OpenShift Container Platform 4jenkinsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2119652Jenkins: Cross-site scripting (XSS) vulnerability in Jenkins LTS

6.1 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-34173

CVSS3: 5.4
nvd
больше 3 лет назад

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

debian логотип

CVE-2022-34173

CVSS3: 5.4
debian
больше 3 лет назад

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the bui ...

github логотип

GHSA-6g4r-q7qg-6qx6

CVSS3: 8
github
больше 3 лет назад

Cross-site Scripting vulnerability in Jenkins

6.1 Medium

CVSS3