CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-25202

Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.6%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2334
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2334

Products affected by CVE-2022-25202

Jenkins » Promoted Builds (Simple) » Version: N/A

cpe:2.3:a:jenkins:promoted_builds_(simple):-
Jenkins » Promoted Builds (Simple) » Version: 1.7

cpe:2.3:a:jenkins:promoted_builds_(simple):1.7
Jenkins » Promoted Builds (Simple) » Version: 1.8

cpe:2.3:a:jenkins:promoted_builds_(simple):1.8
Jenkins » Promoted Builds (Simple) » Version: 1.9

cpe:2.3:a:jenkins:promoted_builds_(simple):1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25202

Products

Pricing

Contact Us