CVE-2022-29036
N/A
N/A
Summary
Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | Jenkins Credentials Plugin | 2.6.1.1 | unaffected |
| Jenkins project | Jenkins Credentials Plugin | 1074.1076.v39c30cecb_0e2 | unaffected |
| Jenkins project | Jenkins Credentials Plugin | 1087.1089.v2f1b_9a_b_040e4 | unaffected |
| Jenkins project | Jenkins Credentials Plugin | unspecified <= 1111.v35a_307992395 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.