4 matches found
BIT-JENKINS-2022-34172
In Jenkins 2.340 through 2.355 both inclusive symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting XSS vulnerability...
CVE-2022-34172
In Jenkins 2.340 through 2.355 both inclusive symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting XSS vulnerability...
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.340, symbol-based icons unescape previously escaped values of tooltip parameters. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescap...
CVE-2022-34172
In Jenkins 2.340 through 2.355 both inclusive symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting XSS vulnerability...