CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-34170

In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.032

EPSS Ranking 86.3%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 4.3

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781

Products affected by CVE-2022-34170

Jenkins » Jenkins » Version: Any

cpe:2.3:a:jenkins:jenkins:*
Jenkins » Jenkins » Version: 2.333

cpe:2.3:a:jenkins:jenkins:2.333
Jenkins » Jenkins » Version: 2.334

cpe:2.3:a:jenkins:jenkins:2.334

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-34170

Products

Pricing

Contact Us