VDB

BIT-jenkins-2022-34173

BIT-jenkins-2022-34173 PUBLISHED CVSS 5.400000095367432 MEDIUM

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Risk Scores

CVSS v3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Bitnamijenkins2.340.0, 2.340.0, 2.340.0

Timeline

  • Mar 6, 2024 CVE Published
  • Apr 3, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›