CVE-2022-34788

Summary

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Matrix Reloaded Pluginunspecified <= 1.1.3affected
Jenkins projectJenkins Matrix Reloaded Pluginnext of 1.1.3 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References