CVE-2022-23110

Summary

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Publish Over SSH Pluginunspecified <= 1.22affected
Jenkins projectJenkins Publish Over SSH Pluginnext of 1.22 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References