CVE-2022-29045
published 2022-04-12CVE-2022-29045: Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_step_plugin | — | — |
| jenkins | coordinator_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | cvs_plugin | — | — |
| jenkins | deprecated_groovy_libraries_plugin | — | — |
| jenkins | extended_choice_parameter_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | git_parameter_plugin | — | — |
| jenkins | google_compute_engine_plugin | — | — |
| jenkins | input_step_plugin | — | — |
| jenkins | jira_plugin | — | — |
| jenkins | job_dsl_plugin | — | — |
| jenkins | job_generator_plugin | — | — |
| jenkins | mask_passwords_plugin | — | — |
| jenkins | maven_release_plugin | — | — |
| jenkins | node_and_label_parameter_plugin | — | — |
| jenkins | promoted_builds | < 3.10.1 | 3.10.1 |
| jenkins | promoted_builds | >= 867.v7c3a_b_83a_eb_79 < 876.v99d29788b_36b_ | 876.v99d29788b_36b_ |
| jenkins | promotion_names_in_promoted_builds_plugin | — | — |
| jenkins | publish_over_ftp_plugin | — | — |
| jenkins | rebuilder_plugin | — | — |
| jenkins | release_plugin | — | — |
| jenkins | show_build_parameters_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins | unleash_maven_plugin | — | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ghsa5.4MEDIUM
osv5.4MEDIUM