CVE-2022-25191

Name of the Vulnerable Software and Affected Versions Jenkins Agent Server Parameter Plugin versions 1.0 and earlier

Description The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape parameter names of agent server parameters. Attackers with Item/Configure permission can exploit this.

Recommendations For Jenkins Agent Server Parameter Plugin versions 1.0 and earlier, update to a version that fixes the stored cross-site scripting vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.