Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2022/08/19 5:14 a.m.63 views

CVE-2022-34170

In Jenkins 2.320 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting XSS vulnerability exploitable by attacker...

6.1CVSS1.4AI score0.01361EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/06/24 12:0 a.m.30 views

Jenkins 2.320 < 2.356, 2.332.1 LTS < 2.332.4 LTS XSS Vulnerability (SECURITY-2779) - Windows

Jenkins is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

5.4CVSS5.5AI score0.01361EPSS
Exploits0References1
NVD
NVD
added 2022/06/23 5:15 p.m.18 views

CVE-2022-34170

In Jenkins 2.320 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting XSS vulnerability exploitable by attacker...

5.4CVSS0.01361EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/06/23 12:0 a.m.54 views

FreeBSD : jenkins -- multiple vulnerabilities (25be46f0-f25d-11ec-b62a-00e081b7aa2d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 25be46f0-f25d-11ec-b62a-00e081b7aa2d advisory. - In Jenkins 2.320 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both...

7.5CVSS6.1AI score0.01361EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/06/22 2:40 p.m.29 views

CVE-2022-34170

In Jenkins 2.320 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting XSS vulnerability exploitable by attacker...

5.7AI score0.01361EPSS
Exploits0References1
CVE
CVE
added 2022/06/22 2:40 p.m.183 views

CVE-2022-34170

Summary (CVE-2022-34170): Jenkins core versions 2.320–2.355 and LTS 2.332.1–2.332.3 suffer an XSS in tooltips where the help icon’s tooltip does not escape the feature name, undoing the fix for SECURITY-1955. This enables stored XSS by attackers with Job/Configure permission via the UI. The issue...

5.4CVSS5.3AI score0.01361EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder