CVE-2022-34189

Description

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	NONE
AvailabilityImpact	NONE
IntegrityImpact	PARTIAL
BaseScore	3.5
VectorString	AV:N/AC:M/Au:S/C:N/I:P/A:N
Version	2.0
AccessVector	NETWORK
Authentication	SINGLE

Created by Yello

About Severity.io