CVE-2022-34190: XSS
First published: Wed Jun 22 2022(Updated: )
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Maven Metadata | <=2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-34190?
CVE-2022-34190 is classified as a medium severity vulnerability due to its potential for stored cross-site scripting (XSS).
How do I fix CVE-2022-34190?
To fix CVE-2022-34190, users should upgrade to a version of the Jenkins Maven Metadata Plugin later than 2.1.
Who is affected by CVE-2022-34190?
CVE-2022-34190 affects users of the Jenkins CI server with Maven Metadata Plugin version 2.1 and earlier.
What are the potential consequences of exploiting CVE-2022-34190?
Exploiting CVE-2022-34190 can allow attackers to execute malicious scripts in the context of a user's session, leading to unauthorized actions or data exposure.
Is CVE-2022-34190 easy to exploit?
CVE-2022-34190 can be exploited by attackers who have access to the Item/Configure permissions, making it accessible but dependent on user privilege levels.
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/jenkins
- canonical/jenkins maven metadata
- version/jenkins maven metadata/2.1