Lucene search

K
cvelistJenkinsCVELIST:CVE-2022-41224
HistorySep 21, 2022 - 3:45 p.m.

CVE-2022-41224

2022-09-2115:45:46
jenkins
www.cve.org

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.

CNA Affected

[
  {
    "product": "Jenkins",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.367",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.369",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%