CVE-2022-29036
published 2022-04-12CVE-2022-29036: Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_step_plugin | — | — |
| jenkins | coordinator_plugin | — | — |
| jenkins | credentials | < 2.6.1.1 | 2.6.1.1 |
| jenkins | credentials | >= 1055.v1346ba467ba1 < 1074.1076.v39c30cecb_0e2 | 1074.1076.v39c30cecb_0e2 |
| jenkins | credentials | >= 1105.vb_4e24a_c78b_81 < 1112.vc87b_7a_3597f6 | 1112.vc87b_7a_3597f6 |
| jenkins | credentials_plugin | — | — |
| jenkins | cvs_plugin | — | — |
| jenkins | deprecated_groovy_libraries_plugin | — | — |
| jenkins | extended_choice_parameter_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | git_parameter_plugin | — | — |
| jenkins | google_compute_engine_plugin | — | — |
| jenkins | input_step_plugin | — | — |
| jenkins | jira_plugin | — | — |
| jenkins | job_dsl_plugin | — | — |
| jenkins | job_generator_plugin | — | — |
| jenkins | mask_passwords_plugin | — | — |
| jenkins | maven_release_plugin | — | — |
| jenkins | node_and_label_parameter_plugin | — | — |
| jenkins | promotion_names_in_promoted_builds_plugin | — | — |
| jenkins | publish_over_ftp_plugin | — | — |
| jenkins | rebuilder_plugin | — | — |
| jenkins | release_plugin | — | — |
| jenkins | show_build_parameters_plugin | — | — |
| jenkins | subversion_plugin | — | — |