Lucene search
JenkinsCVELIST:CVE-2022-36905HistoryJul 27, 2022 - 2:25 p.m.
CVE-2022-36905
2022-07-2714:25:53
jenkins
www.cve.org
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CNA Affected
[
{
"product": "Jenkins Maven Metadata Plugin for Jenkins CI server Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.2",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-36905
2022-07-27 15:15:10
prion
prion
Cross site scripting
2022-07-27 15:15:00
nvd
nvd
CVE-2022-36905
2022-07-27 15:15:10
github
github
osv
osv
