Description

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Remediation

References

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784

Related Vulnerabilities

CVE-2023-32262 Vulnerability in maven package org.jenkins-ci.plugins:dimensionsscm

CVE-2023-46732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-skin-resources

CVE-2023-1664 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2018-8010 Vulnerability in maven package org.apache.solr:solr-core

CVE-2018-1000610 Vulnerability in maven package io.jenkins:configuration-as-code

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory