CVE-2022-27196

Summary

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Favorite Pluginunspecified <= 2.4.0affected
Jenkins projectJenkins Favorite Plugin2.3.3.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References