Vulnerability Details CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2022-34190
-
cpe:2.3:a:jenkins:maven_metadata:1.0.0
-
cpe:2.3:a:jenkins:maven_metadata:1.1.0
-
cpe:2.3:a:jenkins:maven_metadata:1.1.1
-
cpe:2.3:a:jenkins:maven_metadata:1.2.0
-
cpe:2.3:a:jenkins:maven_metadata:1.3.0
-
cpe:2.3:a:jenkins:maven_metadata:1.4.0
-
cpe:2.3:a:jenkins:maven_metadata:1.4.1
-
cpe:2.3:a:jenkins:maven_metadata:1.5.0
-
cpe:2.3:a:jenkins:maven_metadata:2.0.0
-
cpe:2.3:a:jenkins:maven_metadata:2.1