Vulnerability Details CVE-2022-29042
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.316
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2022-29042
-
cpe:2.3:a:jenkins:job_generator:1.0
-
cpe:2.3:a:jenkins:job_generator:1.01
-
cpe:2.3:a:jenkins:job_generator:1.02
-
cpe:2.3:a:jenkins:job_generator:1.03
-
cpe:2.3:a:jenkins:job_generator:1.04
-
cpe:2.3:a:jenkins:job_generator:1.05
-
cpe:2.3:a:jenkins:job_generator:1.06
-
cpe:2.3:a:jenkins:job_generator:1.07
-
cpe:2.3:a:jenkins:job_generator:1.08
-
cpe:2.3:a:jenkins:job_generator:1.09
-
cpe:2.3:a:jenkins:job_generator:1.10
-
cpe:2.3:a:jenkins:job_generator:1.11
-
cpe:2.3:a:jenkins:job_generator:1.12
-
cpe:2.3:a:jenkins:job_generator:1.13
-
cpe:2.3:a:jenkins:job_generator:1.14
-
cpe:2.3:a:jenkins:job_generator:1.15
-
cpe:2.3:a:jenkins:job_generator:1.16
-
cpe:2.3:a:jenkins:job_generator:1.17
-
cpe:2.3:a:jenkins:job_generator:1.18
-
cpe:2.3:a:jenkins:job_generator:1.19
-
cpe:2.3:a:jenkins:job_generator:1.20
-
cpe:2.3:a:jenkins:job_generator:1.21
-
cpe:2.3:a:jenkins:job_generator:1.22