QwikSec

Security Database

CVE

CWE

Training

CVE-2022-27212

Published: Mar 15, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Vendor	Product	Versions
Jenkins project	Jenkins List Git Branches Parameter Plugin	affected `unspecified - <= 0.0.9` unknown `next of 0.0.9 - < unspecified`

References

https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2167

x_refsource_CONFIRM

[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.