CVE-2022-29036

Source
https://cve.org/CVERecord?id=CVE-2022-29036
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29036.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-29036
Published
2022-04-12T20:15:09.080Z
Modified
2026-02-03T08:03:24.286576Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected packages

Git / github.com/jenkinsci/credentials-plugin

Affected versions

1055.*
1055.v1346ba467ba1
1061.*
1061.vb_1fceb_58fa_18
1074.*
1074.v60e6c29b_b_44b_
1087.*
1087.v16065d268466
1105.*
1105.vb_4e24a_c78b_81
1111.*
1111.v35a_307992395

Database specific

vanir_signatures
[
    {
        "target": {
            "file": "src/test/java/com/cloudbees/plugins/credentials/CredentialsParameterDefinitionTest.java"
        },
        "deprecated": false,
        "id": "CVE-2022-29036-4b41f347",
        "source": "https://github.com/jenkinsci/credentials-plugin/commit/c87b7a3597f63aa525d3655bb8270d584ea5fc36",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "src/test/java/com/cloudbees/plugins/credentials/CredentialsParameterDefinitionTest.java"
        },
        "deprecated": false,
        "id": "CVE-2022-29036-9c0c53a2",
        "source": "https://github.com/jenkinsci/credentials-plugin/commit/39c30cecb0e2512c4e0199e37821025af6e6e070",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29036.json"