CVE-2022-29046 — Cross-site Scripting in Project Jenkins Subversion Plugin

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

5.4MEDIUMNVD

EPSS

2.3%

top 15.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Jenkins Project Jenkins Subversion Plugin Jenkins Subversion

Timeline

PublishedApr 12

Latest updateJul 20

Description

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_subversion_pluginunspecified — 2.15.3

▶NVDjenkins/subversion2.15.3

▶NVDapple/macos12.0 — 12.5

🔴Vulnerability Details

OSV

Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin↗2022-04-13

▶

GHSA

Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin↗2022-04-13

▶

CVEList

CVE-2022-29046: Jenkins Subversion Plugin 2↗2022-04-12

▶

📋Vendor Advisories

Apple

CVE-2022-29046: macOS Monterey 12.5↗2022-07-20

▶

Jenkins

Jenkins Security Advisory 2022-04-12↗2022-04-12

▶

Red Hat

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin↗2022-04-12

▶