CVE-2022-29036
Summary
| CVE | CVE-2022-29036 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-12 20:15:00 UTC |
| Updated | 2023-11-17 17:20:00 UTC |
| Description | Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jenkins | Credentials | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Jenkins Security Advisory 2022-04-12 | CONFIRM | www.jenkins.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 240353 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:2205)
- 240386 Red Hat OpenShift Container Platform 5 Security Update (RHSA-2022:2280)
- 240457 Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:4909)
- 240478 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2022:4947)
- 770152 Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:2205)
- 770154 Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:4909)
- 770159 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2022:4947)