Description
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/07/27/1
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686