CVE-2022-20615

Description

The MITRE CVE dictionary describes this issue as:

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Additional Information

  • Bugzilla 2044499: CVE-2022-20615 jenkins-2-plugins/matrix-project: does not escape HTML metacharacters which could result in XSS
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • FAQ: Frequently asked questions about CVE-2022-20615