CVE-2022-29040 – org.jenkins-ci.tools:git-parameter
Package
Manager: maven
Name: org.jenkins-ci.tools:git-parameter
Vulnerable Version: >=0 <0.9.16
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.31598 (percentile 0.96651)
Details
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Metadata
Created: 2022-04-13T00:00:17Z
Modified: 2022-04-29T04:21:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-fcr6-6cph-vmcm/GHSA-fcr6-6cph-vmcm.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-fcr6-6cph-vmcm
Finding: F425
Auto approve: 1