Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36905

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Published

2022-07-27T15:15:10.023

Last Modified

2024-11-21T07:14:02.950

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	maven_metadata	≤ 2.2	Yes

References

http://www.openwall.com/lists/oss-security/2022/07/27/1 Mailing List, Third Party Advisory ([email protected])
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/07/27/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)