Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2022-20615

Published: 12/01/2022 Updated: 22/11/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Jenkins

Vulnerability Summary

Jenkins Matrix Project Plugin 1.19 and previous versions does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins matrix project

oracle communications cloud native core automated test suite 1.9.0

Vendor Advisories

Red Hat: CVE-2022-20615
Jenkins Matrix Project Plugin 119 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission ...

References

CWE-79https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2017http://www.openwall.com/lists/oss-security/2022/01/12/6https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2022-20615
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook