CVE-2022-27197

Summary

Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Dashboard View Pluginunspecified <= 2.18affected
Jenkins projectJenkins Dashboard View Plugin2.16.1unaffected
Jenkins projectJenkins Dashboard View Plugin2.17.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References