CVE-2022-38664
Published: Aug 23, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
| Vendor | Product | Versions |
|---|---|---|
| Jenkins project | Jenkins Job Configuration History Plugin | affected unspecified - <= 1165.v8cc9fd1f4597 |
References
https://www.jenkins.io/security/advisory/2022-08-23/#SECURITY-2765 (x_refsource_CONFIRM)
[oss-security] 20220823 Multiple vulnerabilities in Jenkins plugins (mailing-list, x_refsource_MLIST)