CVE-2022-34171
N/A
N/A
Summary
In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | Jenkins | 2.321 < unspecified | affected |
| Jenkins project | Jenkins | unspecified <= 2.355 | affected |
| Jenkins project | Jenkins | LTS 2.332.1 < unspecified | affected |
| Jenkins project | Jenkins | unspecified <= LTS 2.332.3 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.