CVE-2022-34173

Summary

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins2.340 < unspecifiedaffected
Jenkins projectJenkinsunspecified <= 2.355affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References