CVE-2022-30967: XSS
First published: Tue May 17 2022(Updated: )
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Selection Tasks | <=1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-30967?
CVE-2022-30967 is a vulnerability in Jenkins Selection tasks Plugin 1.0 and earlier, which allows for stored cross-site scripting (XSS) attacks.
How severe is CVE-2022-30967?
CVE-2022-30967 has a severity score of 5.4, which is considered medium.
How does CVE-2022-30967 affect Jenkins?
CVE-2022-30967 affects Jenkins Selection tasks Plugin 1.0 and earlier, allowing attackers with Item/Configure permission to exploit a stored XSS vulnerability.
How can I fix CVE-2022-30967?
To fix CVE-2022-30967, it is recommended to upgrade to a version of Jenkins Selection tasks Plugin that is not affected by this vulnerability.
Where can I find more information about CVE-2022-30967?
You can find more information about CVE-2022-30967 in the Jenkins security advisory at https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717.
- collector/nvd-index
- collector/nvd-api
- agent/weakness
- agent/type
- vendor/jenkins
- canonical/jenkins selection tasks
- version/jenkins selection tasks/1.0