CVE-2022-29041

Summary

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Jira Pluginunspecified <= 3.7affected
Jenkins projectJenkins Jira Plugin3.6.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References