VDB
CVE-2022-34173
CVE-2022-34173
PUBLISHED
In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
EPSS 5.32% · 90.2th percentile
Risk Scores
EPSS Score
5.32%
90.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 2.340.0 |
| Bitnami | jenkins | 2.340.0 |
Exploit Intelligence
Timeline
- Jun 22, 2022 CVE Published
- Jun 23, 2022 EPSS Score
- Aug 11, 2022 EPSS Score
- Nov 14, 2022 EPSS Score
- Jan 1, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Aug 28, 2023 EPSS Score
- Oct 15, 2023 EPSS Score
- Dec 2, 2023 EPSS Score
- Mar 6, 2024 EPSS Score