3 matches found
CVE-2022-27196
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...
io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2022-27196 via org.jvnet.hudson.plugins:favorite (>=1.16 <=2.3.1)
org.jvnet.hudson.plugins:favorite MAVEN version =1.16, =1.0-alpha-1, =1.27.17, =1.0.0, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =0.1, =1.0.0 Source cves: CVE-2022-27196 Source advisory: OSV:GHSA-874R-46C6-7P4R...
CVE-2022-27196
The CVE-2022-27196 entry concerns Jenkins Favorite Plugin (versions up to 2.4.0 and earlier). The vulnerability arises because the plugin does not escape job names in the favorite column, causing stored XSS. This is exploitable by attackers with Item/Configure or Item/Create permissions. Connecte...