CVE-2022-29046
N/A
N/A
Summary
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | Jenkins Subversion Plugin | unspecified <= 2.15.3 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617
- https://support.apple.com/kb/HT213345
- http://seclists.org/fulldisclosure/2022/Jul/18
References
- https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617
- https://support.apple.com/kb/HT213345
- http://seclists.org/fulldisclosure/2022/Jul/18
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.