Vulnerability Details CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.06
EPSS Ranking 90.4%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
Products affected by CVE-2022-27207
-
cpe:2.3:a:jenkins:global-build-stats:0.1
-
cpe:2.3:a:jenkins:global-build-stats:0.2
-
cpe:2.3:a:jenkins:global-build-stats:0.3
-
cpe:2.3:a:jenkins:global-build-stats:0.3.1
-
cpe:2.3:a:jenkins:global-build-stats:0.4
-
cpe:2.3:a:jenkins:global-build-stats:0.4.1
-
cpe:2.3:a:jenkins:global-build-stats:0.5
-
cpe:2.3:a:jenkins:global-build-stats:1.0
-
cpe:2.3:a:jenkins:global-build-stats:1.1
-
cpe:2.3:a:jenkins:global-build-stats:1.2
-
cpe:2.3:a:jenkins:global-build-stats:1.3
-
cpe:2.3:a:jenkins:global-build-stats:1.4
-
cpe:2.3:a:jenkins:global-build-stats:1.5