CVE-2022-27213

Summary

Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Environment Dashboard Pluginunspecified <= 1.1.10affected
Jenkins projectJenkins Environment Dashboard Pluginnext of 1.1.10 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References