VDB

CVE-2022-34173

CVE-2022-34173 PUBLISHED

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

EPSS 5.32% · 90.2th percentile

Risk Scores

EPSS Score
5.32%
90.2th percentile

Affected Products

VendorProductVersions
Bitnamijenkins2.340.0
Bitnamijenkins2.340.0

Timeline

  • Jun 22, 2022 CVE Published
  • Jun 23, 2022 EPSS Score
  • Aug 11, 2022 EPSS Score
  • Nov 14, 2022 EPSS Score
  • Jan 1, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 7, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Aug 28, 2023 EPSS Score
  • Oct 15, 2023 EPSS Score
  • Dec 2, 2023 EPSS Score
  • Mar 6, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›