First published: Tue May 17 2022
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Selection Tasks | <=1.0 |
CVE-2022-30967 is a vulnerability in Jenkins Selection tasks Plugin 1.0 and earlier, which allows for stored cross-site scripting (XSS) attacks.
CVE-2022-30967 has a severity score of 5.4, which is considered medium.
CVE-2022-30967 affects Jenkins Selection tasks Plugin 1.0 and earlier, allowing attackers with Item/Configure permission to exploit a stored XSS vulnerability.
To fix CVE-2022-30967, it is recommended to upgrade to a version of Jenkins Selection tasks Plugin that is not affected by this vulnerability.
You can find more information about CVE-2022-30967 in the Jenkins security advisory at https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717.