Description
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the "Repository Base URL" field of "List maven artifact versions" parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Remediation
References
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686
http://www.openwall.com/lists/oss-security/2022/07/27/1