CVE-2022-34172

Summary

In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.340 < unspecifiedaffected
Jenkins projectJenkinsunspecified <= 2.355affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References