Server-side cross-site scripting in org.jenkins-ci.main:jenkins-core
Description
Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.340, symbol-based icons unescape previously escaped values of tooltip parameters.
This vulnerability is known to be exploitable by attackers with Job/Configure permission.
Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 address this vulnerability. Symbol-based icons no longer unescape values of tooltip parameters.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| maven | org.jenkins-ci.main:jenkins-core | | 2.356, 2.332.4 |