CVE-2022-27207

Summary

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins global-build-stats Pluginunspecified <= 1.5affected
Jenkins projectJenkins global-build-stats Pluginnext of 1.5 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References