Lucene search
JenkinsCVELIST:CVE-2022-34190HistoryJun 22, 2022 - 2:41 p.m.
CVE-2022-34190
2022-06-2214:41:21
jenkins
www.cve.org
6
jenkins
maven metadata plugin
xss
vulnerability
parameter views
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CNA Affected
[
{
"product": "Jenkins Maven Metadata Plugin for Jenkins CI server Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.1",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
prion
prion
Cross site scripting
2022-06-23 17:15:00
nvd
nvd
CVE-2022-34190
2022-06-23 17:15:16
cve
cve
CVE-2022-34190
2022-06-23 17:15:16
github
github
Cross-site Scripting in Jenkins Maven Metadata Plugin
2022-06-24 00:00:31
osv
osv
Cross-site Scripting in Jenkins Maven Metadata Plugin
2022-06-24 00:00:31
nessus
nessus
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.14 / 2.332.4.1 / 2.346.1.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-06-22)
2022-07-05 00:00:00
Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities
2022-07-15 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
2022-07-15 00:00:00