CVE-2022-34170
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-34170
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34170.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-34170
- Aliases
- Published
- 2022-06-23T17:15:15Z
- Modified
- 2024-10-12T09:46:09.769835Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
- References
Affected packages
Git / github.com/jenkinsci/jenkins
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/jenkins
- Events
-
IntroducedLast affectedIntroducedLast affected
Affected versions
jenkins-2.*
jenkins-2.320
jenkins-2.321
jenkins-2.322
jenkins-2.323
jenkins-2.324
jenkins-2.325
jenkins-2.326
jenkins-2.327
jenkins-2.328
jenkins-2.329
jenkins-2.330
jenkins-2.331
jenkins-2.332
jenkins-2.332.1
jenkins-2.332.2
jenkins-2.332.2-rc
jenkins-2.332.2-rc-2
jenkins-2.332.3
jenkins-2.332.3-rc
jenkins-2.333
jenkins-2.334
jenkins-2.335
jenkins-2.336
jenkins-2.337
jenkins-2.338
jenkins-2.339
jenkins-2.340
jenkins-2.341
jenkins-2.342
jenkins-2.343
jenkins-2.344
jenkins-2.345
jenkins-2.346
jenkins-2.347
jenkins-2.348
jenkins-2.349
jenkins-2.350
jenkins-2.351
jenkins-2.352
jenkins-2.353
jenkins-2.354
jenkins-2.355