CVE-2022-34784
published 2022-06-30
medium 5.4 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build-metrics | — | — |
| jenkins | build_notifications_plugin | — | — |
| jenkins | cisco_spark_plugin | — | — |
| jenkins | deployment_dashboard_plugin | — | — |
| jenkins | elasticsearch_query_plugin | — | — |
| jenkins | failed_job_deactivator_plugin | — | — |
| jenkins | feedback_panel_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | ids_in_xebialabs_xl_release_plugin | — | — |
| jenkins | jigomerge_plugin | — | — |
| jenkins | matrix_reloaded_plugin | — | — |
| jenkins | opsgenie_plugin | — | — |
| jenkins | plot_plugin | — | — |
| jenkins | project_inheritance_plugin | — | — |
| jenkins | recipe_plugin | — | — |
| jenkins | request_rename_or_delete_plugin | — | — |
| jenkins | rich_text_publisher_plugin | — | — |
| jenkins | rocketchat_notifier_plugin | — | — |
| jenkins | rqm_plugin | — | — |
| jenkins | skype_notifier_plugin | — | — |
| jenkins | testng_results_plugin | — | — |
| jenkins | validating_email_parameter_plugin | — | — |
| jenkins | xebialabs_xl_release_plugin | — | — |
| jenkins | xpath_configuration_viewer_plugin | — | — |
| jenkins_project | jenkins_build-metrics_plugin | — | — |