PT-2022-18301 · Jenkins · Jenkins Environment Dashboard Plugin+1

Justin Philip · Published 2022-03-15 · Updated 2023-12-22 · CVE-2022-27213

CVSS v3.1: 8.0 High

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Jenkins Environment Dashboard Plugin versions 1.1.10 and earlier

Description

The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Environment order and the Component order configuration values in the views are not properly escaped. This vulnerability can be exploited by attackers who have View/Configure permission.

Recommendations

For Jenkins Environment Dashboard Plugin versions 1.1.10 and earlier, update to a version later than 1.1.10 to resolve the issue. As a temporary workaround, consider restricting access to the views that contain the Environment order and the Component order configuration values to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-27213
GHSA-35H9-H439-VVMR

Affected Products

Jenkins
Jenkins Environment Dashboard Plugin