Lucene search

K
cvelistJenkinsCVELIST:CVE-2022-29041
HistoryApr 12, 2022 - 7:50 p.m.

CVE-2022-29041

2022-04-1219:50:36
jenkins
www.cve.org

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CNA Affected

[
  {
    "product": "Jenkins Jira Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "3.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "3.6.1"
      }
    ]
  }
]

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%