Lucene search

K
cvelistJenkinsCVELIST:CVE-2022-34786
HistoryJun 30, 2022 - 5:46 p.m.

CVE-2022-34786

2022-06-3017:46:46
jenkins
www.cve.org
3
jenkins
rich text publisher
xss
vulnerability
configuration

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

22.0%

Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

CNA Affected

[
  {
    "product": "Jenkins Rich Text Publisher Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.4",
        "versionType": "custom"
      }
    ]
  }
]

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

22.0%

Related for CVELIST:CVE-2022-34786