CVE-2022-27213 – io.jenkins.plugins:environment-dashboard
Package
Manager: maven
Name: io.jenkins.plugins:environment-dashboard
Vulnerable Version: >=0 <=1.1.10
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.16035 (percentile: 0.94529)
Details
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin

Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
Metadata
Created: 2022-03-16T00:00:42Z
Modified: 2022-11-30T19:39:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-35h9-h439-vvmr/GHSA-35h9-h439-vvmr.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-35h9-h439-vvmr
Finding: F425
Auto approve: 1