Lucene search
GoogleOSV:GHSA-XPVP-H73C-M9RQHistorySep 22, 2022 - 12:00 a.m.
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
2022-09-2200:00:28
Google
osv.dev
7
0.001 Low
EPSS
Percentile
33.1%
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
As of publication, the Jenkins security team is unaware of any exploitable help icon/tooltip in Jenkins core or plugins published by the Jenkins project. The vast majority of help icons use the l:help component instead of l:helpIcon. The few known instances of l:helpIcon do not have user-controllable tooltip contents.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | eq | 2.368 | |
| org.jenkins-ci.main:jenkins-core | eq | 2.367 | |
| org.jenkins-ci.main:jenkins-core | eq | 2.369 |
Related
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-09-21)
2022-10-07 00:00:00
Jenkins weekly < 2.370 Multiple Vulnerabilities
2022-10-07 00:00:00
openvas
openvas
Jenkins XSS Vulnerability (SECURITY-2886) - Linux
2022-09-22 00:00:00
Jenkins XSS Vulnerability (SECURITY-2886) - Windows
2022-09-22 00:00:00
cve
cve
CVE-2022-41224
2022-09-21 16:15:00
osv
osv
BIT-jenkins-2022-41224
2024-03-06 10:56:58
CVE-2022-41224
2022-09-21 16:15:09
freebsd
freebsd
jenkins -- XSS vulnerability
2022-09-21 00:00:00
github
github
prion
prion
Cross site scripting
2022-09-21 16:15:00
cvelist
cvelist
CVE-2022-41224
2022-09-21 15:45:46
redhatcve
redhatcve
CVE-2022-41224
2022-09-22 07:18:58