CVE-2022-36905

Name of the Vulnerable Software and Affected Versions Jenkins Maven Metadata Plugin versions 2.2 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs due to the lack of URL validation for the Repository Base URL of List maven artifact versions parameters. This allows an attacker with Item/Configure permission to exploit the vulnerability, potentially leading to a cross-site scripting attack. The vulnerability can be exploited by a remote attacker.

Recommendations For Jenkins Maven Metadata Plugin versions 2.2 and earlier, update to a version that includes URL validation for the Repository Base URL of List maven artifact versions parameters to prevent stored cross-site scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.