CVE-2022-41224
Published: Sep 21, 2022
Modified: May 28, 2025
PUBLISHED
Description
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
| Vendor | Product | Versions |
|---|---|---|
| Jenkins project | Jenkins | affected: 2.367 - < unspecified; affected: unspecified - <= 2.369 |
References
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2886
x_refsource_CONFIRM