CVE-2022-34190

moderate-risk
Published 2022-06-23

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Do I need to act?

!
25.9% chance of exploitation in next 30 days
EPSS score — higher than 74% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Jenkins

References (2)

Vendor Advisory https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784
Vendor Advisory https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784
41
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal