VDB

CESS-2022-30970

CESS-2022-30970 PUBLISHED CVSS 5.4 MEDIUM

Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Risk Scores

CVSS 3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Timeline

  • May 17, 2022 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›