Lucene search

China National Vulnerability DatabaseCNVD-2022-66007

HistoryJun 24, 2022 - 12:00 a.m.

Jenkins Maven Metadata for CI server Plugin Cross-Site Scripting Vulnerability

2022-06-2400:00:00

China National Vulnerability Database

www.cnvd.org.cn

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. a cross-site scripting vulnerability exists in Jenkins Maven Metadata for CI server Plugin version 2.1 and earlier. The vulnerability stems from a failure to escape the name and description of the List maven artifact versions parameter on the view where the parameter is displayed, which can be exploited by an attacker to execute JavaScript code on the client side.

CPENameOperatorVersion
jenkins maven metadata for ci server pluginle2.1

CPE	Name	Operator	Version
	jenkins maven metadata for ci server plugin	le	2.1

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Related for CNVD-2022-66007