QID 730540: Jenkins Multiple Cross-Site Scripting (XSS) Vulnerabilities

Jenkins is an open-source automation server written in Java. Jenkins helps automate the non-human parts of the software development process, supporting continuous integration and facilitating technical aspects of continuous delivery.

Affected versions:

Jenkins weekly up to and including 2.355

Jenkins LTS up to and including LTS 2.332.3

Successful exploitation of these vulnerabilities could result in cross-site scripting (XSS) in Jenkins.

  • CVSS V3 rated as Critical - 8.6 severity.
  • CVSS V2 rated as Medium - 5.4 severity.
  • Solution
    Customers are advised to upgrade to the latest Jenkins version.
    For further details, refer to Jenkins Security Advisory 2022-06-22.
    Vendor References

    CVEs related to QID 730540

    Software Advisories
    Advisory ID Software Component Link
    Jenkins Security Advisory 2022-06-22 www.jenkins.io/security/advisory/2022-06-22/