CVE-2022-34787: XSS
First published: Thu Jun 30 2022(Updated: )
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Project Inheritance | <=21.04.03 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Jenkins Project Inheritance Plugin vulnerability?
The vulnerability ID for this Jenkins Project Inheritance Plugin vulnerability is CVE-2022-34787.
What is the severity of CVE-2022-34787?
The severity of CVE-2022-34787 is medium.
How does the Jenkins Project Inheritance Plugin vulnerability impact the system?
The Jenkins Project Inheritance Plugin vulnerability allows attackers to exploit a cross-site scripting (XSS) vulnerability.
What versions of the Jenkins Project Inheritance Plugin are affected by CVE-2022-34787?
Versions up to and including 21.04.03 of the Jenkins Project Inheritance Plugin are affected by CVE-2022-34787.
Is there a fix available for CVE-2022-34787?
Yes, the fix for CVE-2022-34787 is available. Please refer to the Jenkins security advisory for more information.
- collector/nvd-index
- collector/nvd-api
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins project inheritance
- version/jenkins project inheritance/21.04.03