Vulnerability Details CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.316
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2022-29039
-
cpe:2.3:a:jenkins:gerrit_trigger:2.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.1.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.10.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.10.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.11.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.11.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.12.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.13.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.14.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.15.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.15.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.15.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.16.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.4
-
cpe:2.3:a:jenkins:gerrit_trigger:2.17.5
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.18.4
-
cpe:2.3:a:jenkins:gerrit_trigger:2.19.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.20.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.21.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.21.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.22.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.23.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.23.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.23.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.23.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.24.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.25.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.26.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.26.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.26.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.4
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.5
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.6
-
cpe:2.3:a:jenkins:gerrit_trigger:2.27.7
-
cpe:2.3:a:jenkins:gerrit_trigger:2.28.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.29.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.3.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.3.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.30.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.30.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.30.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.30.3
-
cpe:2.3:a:jenkins:gerrit_trigger:2.30.4
-
cpe:2.3:a:jenkins:gerrit_trigger:2.30.5
-
cpe:2.3:a:jenkins:gerrit_trigger:2.31.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.32.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.32.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.33.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.34.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.35.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.35.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.35.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.4.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.5.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.5.1
-
cpe:2.3:a:jenkins:gerrit_trigger:2.5.2
-
cpe:2.3:a:jenkins:gerrit_trigger:2.6.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.7.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.8.0
-
cpe:2.3:a:jenkins:gerrit_trigger:2.9.0