Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-23108

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.259
EPSS Ranking 96.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2022-23108
  • Jenkins » Badge » Version: 1.0
    cpe:2.3:a:jenkins:badge:1.0
  • Jenkins » Badge » Version: 1.1
    cpe:2.3:a:jenkins:badge:1.1
  • Jenkins » Badge » Version: 1.2
    cpe:2.3:a:jenkins:badge:1.2
  • Jenkins » Badge » Version: 1.3
    cpe:2.3:a:jenkins:badge:1.3
  • Jenkins » Badge » Version: 1.4
    cpe:2.3:a:jenkins:badge:1.4
  • Jenkins » Badge » Version: 1.5
    cpe:2.3:a:jenkins:badge:1.5
  • Jenkins » Badge » Version: 1.6
    cpe:2.3:a:jenkins:badge:1.6
  • Jenkins » Badge » Version: 1.7
    cpe:2.3:a:jenkins:badge:1.7
  • Jenkins » Badge » Version: 1.8
    cpe:2.3:a:jenkins:badge:1.8
  • Jenkins » Badge » Version: 1.9
    cpe:2.3:a:jenkins:badge:1.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved