CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-34171

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.064

EPSS Ranking 90.6%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 4.3

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781

Products affected by CVE-2022-34171

Jenkins » Jenkins » Version: Any

cpe:2.3:a:jenkins:jenkins:*
Jenkins » Jenkins » Version: 2.333

cpe:2.3:a:jenkins:jenkins:2.333
Jenkins » Jenkins » Version: 2.334

cpe:2.3:a:jenkins:jenkins:2.334

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-34171

Products

Pricing

Contact Us