CVE-2022-34795: XSS
First published: Thu Jun 30 2022(Updated: )
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Deployment Dashboard | <=1.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Jenkins Deployment Dashboard Plugin?
The vulnerability ID for Jenkins Deployment Dashboard Plugin is CVE-2022-34795.
What is the severity of CVE-2022-34795?
The severity of CVE-2022-34795 is medium with a CVSS score of 5.4.
How can an attacker exploit the vulnerability in Jenkins Deployment Dashboard Plugin?
Attackers with View/Configure permission can exploit the stored cross-site scripting (XSS) vulnerability by injecting malicious code through the environment names in the Deployment Dashboard view.
How can I fix CVE-2022-34795 in Jenkins Deployment Dashboard Plugin?
To fix CVE-2022-34795, upgrade Jenkins Deployment Dashboard Plugin to version 1.0.11 or later.
Where can I find more information about CVE-2022-34795?
You can find more information about CVE-2022-34795 in the Jenkins Security Advisory at: https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2799.
- collector/nvd-index
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins deployment dashboard
- version/jenkins deployment dashboard/1.0.10