CVE-2022-23110Cross-site Scripting in Project Jenkins Publish Over SSH Plugin

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 56.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Publish Over SSH PluginJenkins Publish Over SSH
Timeline
PublishedJan 12
Latest updateJan 13

Description

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_publish_over_ssh_pluginunspecified1.22

🔴Vulnerability Details

3
OSV
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin2022-01-13
GHSA
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin2022-01-13
CVEList
CVE-2022-23110: Jenkins Publish Over SSH Plugin 12022-01-12

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-01-122022-01-12
CVE-2022-23110 — Cross-site Scripting | cvebase