PT-2022-22050 · Jenkins · Jenkins Nested View Plugin +1
Kevin Guerroudj +1 · Published 2022-06-22 · Updated 2023-11-03 · CVE-2022-34182
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jenkins Nested View Plugin versions 1.20 through 1.25
Description
The plugin has a reflected cross-site scripting (XSS) vulnerability because it does not escape search parameters.
No information is provided about the estimated number of potentially affected devices or real-world incidents.
Recommendations
For Jenkins Nested View Plugin versions 1.20 through 1.25, update to version 1.26 or later, which escapes search parameters and resolves the issue.
Fix
XSS
Affected Products
Jenkins
Jenkins Nested View Plugin