CVE-2022-29037

Name of the Vulnerable Software and Affected Versions Jenkins CVS Plugin versions 2.19 and earlier

Description The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the name and description of CVS Symbolic Name parameters on views displaying parameters are not properly escaped. Attackers with Item/Configure permission can exploit this vulnerability.

Recommendations For Jenkins CVS Plugin versions 2.19 and earlier, consider disabling the display of CVS Symbolic Name parameters on views until a patch is available. Restrict access to views displaying parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.