Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-28153

Summary
Assigner-jenkins
Assigner Org ID-39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At-06 Mar, 2024 | 17:01
Updated At-25 Mar, 2025 | 16:14
Rejected At-
Credits

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jenkins
Assigner Org ID:39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At:06 Mar, 2024 | 17:01
Updated At:25 Mar, 2025 | 16:14
Rejected At:
▼CVE Numbering Authority (CNA)

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.

Affected Products
Vendor
JenkinsJenkins Project
Product
Jenkins OWASP Dependency-Check Plugin
Default Status
unaffected
Versions
Affected
  • From 0 through 5.4.5 (maven)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344
vendor-advisory
http://www.openwall.com/lists/oss-security/2024/03/06/3
N/A
Hyperlink: https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344
Resource:
vendor-advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/06/3
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344
vendor-advisory
x_transferred
http://www.openwall.com/lists/oss-security/2024/03/06/3
x_transferred
Hyperlink: https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/06/3
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jenkinsci-cert@googlegroups.com
Published At:06 Mar, 2024 | 17:15
Updated At:25 Mar, 2025 | 17:15

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CPE Matches
Jenkins
jenkins
>>owasp_dependency-check>>Versions before 5.4.6(exclusive)
cpe:2.3:a:jenkins:owasp_dependency-check:*:*:*:*:*:jenkins:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE-79Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-79
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2024/03/06/3jenkinsci-cert@googlegroups.com
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344jenkinsci-cert@googlegroups.com
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/03/06/3af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/06/3
Source: jenkinsci-cert@googlegroups.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344
Source: jenkinsci-cert@googlegroups.com
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/06/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

8954Records found
CVE-2022-43420
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-7.56% / 91.44%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses.

Action-Not Available
Vendor-Jenkins
Product-contrast_continuous_application_securityJenkins Contrast Continuous Application Security Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43425
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-3.71% / 87.49%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-custom_checkbox_parameterJenkins Custom Checkbox Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3101
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.69%
||
7 Day CHG~0.00%
Published-09 Feb, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.

Action-Not Available
Vendor-n/aJenkins
Product-extra_columnsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-41229
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-5.71% / 90.06%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-28 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-ns-nd_integration_performance_publisherJenkins NS-ND Integration Performance Publisher Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-41225
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-7.56% / 91.44%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.

Action-Not Available
Vendor-Jenkins
Product-anchore_container_image_scannerJenkins Anchore Container Image Scanner Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-41224
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-1.23% / 78.37%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-41240
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-5.28% / 89.62%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-28 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti.

Action-Not Available
Vendor-Jenkins
Product-waltiJenkins Walti Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-41239
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-7.00% / 91.08%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-28 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Jenkins
Product-dotciJenkins DotCi Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38664
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-20.59% / 95.36%
||
7 Day CHG+13.59%
Published-23 Aug, 2022 | 16:45
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.

Action-Not Available
Vendor-Jenkins
Product-job_configuration_historyJenkins Job Configuration History Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36902
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-20.59% / 95.36%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:25
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-dynamic_extended_choice_parameterJenkins Dynamic Extended Choice Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36905
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:25
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-maven_metadataJenkins Maven Metadata Plugin for Jenkins CI server Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34786
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-14.25% / 94.13%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:46
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

Action-Not Available
Vendor-Jenkins
Product-rich_text_publisherJenkins Rich Text Publisher Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34790
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-12.67% / 93.71%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:47
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-extreme_feedback_panelJenkins eXtreme Feedback Panel Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34784
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-18.20% / 94.94%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:46
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.

Action-Not Available
Vendor-Jenkins
Product-build-metricsJenkins build-metrics Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34777
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-30.46% / 96.54%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:45
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-gitlabJenkins GitLab Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34787
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-14.25% / 94.13%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:46
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.

Action-Not Available
Vendor-Jenkins
Product-project_inheritanceJenkins Project Inheritance Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34795
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-14.25% / 94.13%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:47
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-deployment_dashboardJenkins Deployment Dashboard Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34791
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-14.25% / 94.13%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:47
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-validating_email_parameterJenkins Validating Email Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34783
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-50.42% / 97.76%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:46
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-plotJenkins Plot Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34788
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-14.25% / 94.13%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:46
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-matrix_reloadedJenkins Matrix Reloaded Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34196
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-rest_list_parameterJenkins REST List Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34185
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-date_parameterJenkins Date Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34192
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-ontrackJenkins ontrack Jenkins Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34184
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-crx_content_package_deployerJenkins CRX Content Package Deployer Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34191
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-ns-nd_integration_performance_publisherJenkins NS-ND Integration Performance Publisher Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34190
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-maven_metadataJenkins Maven Metadata Plugin for Jenkins CI server Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34194
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-readonly_parameterJenkins Readonly Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34172
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-6.40% / 90.64%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:40
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34195
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-repository_connectorJenkins Repository Connector Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34188
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-hidden_parameterJenkins Hidden Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34173
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-11.82% / 93.45%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:40
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34183
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-agent_server_parameterJenkins Agent Server Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34171
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-7.29% / 91.28%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:40
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34187
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-filesystem_list_parameterJenkins Filesystem List Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34189
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-image_tag_parameterJenkins Image Tag Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34198
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-stash_branch_parameterJenkins Stash Branch Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34197
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-12.29% / 93.60%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-sauce_ondemandJenkins Sauce OnDemand Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34193
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-package_versionJenkins Package Version Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34170
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-6.40% / 90.64%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:40
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-23108
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:06
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-badgeJenkins Badge Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2316
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 47.73%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 14:35
Updated-04 Aug, 2024 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-static_analysis_utilitiesJenkins Static Analysis Utilities Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30961
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-autocomplete_parameterJenkins Autocomplete Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30968
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-vboxwrapperJenkins vboxwrapper Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34186
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-dynamic_extended_choice_parameterJenkins Dynamic Extended Choice Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43409
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-3.09% / 86.26%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.

Action-Not Available
Vendor-Jenkins
Product-pipeline\Jenkins Pipeline: Supporting APIs Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1000413
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 23:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins.

Action-Not Available
Vendor-n/aJenkins
Product-config_file_providern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30967
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-selection_tasksJenkins Selection tasks Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30964
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-multiselect_parameterJenkins Multiselect parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30956
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-30.41% / 96.54%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.

Action-Not Available
Vendor-Jenkins
Product-rundeckJenkins Rundeck Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30963
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-jdk_parameterJenkins JDK Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 179
  • 180
  • Next
Details not found