CVE-2022-30970

Summary

Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Autocomplete Parameter Pluginunspecified <= 1.1affected
Jenkins projectJenkins Autocomplete Parameter Pluginnext of 1.1 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References