Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
{ "nvd_published_at": "2022-07-27T15:15:00Z", "github_reviewed_at": "2022-12-12T16:09:13Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }