Stored Cross-Site Scripting Vulnerability in Jenkins Matrix Project Plugin
CVE-2022-20615
5.4MEDIUM
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 12 January 2022
Summary
The Jenkins Matrix Project Plugin, specifically versions 1.19 and earlier, is susceptible to a stored cross-site scripting vulnerability. This issue arises from the plugin's failure to properly escape HTML metacharacters in node and label names, as well as in label descriptions. As a result, attackers with Agent/Configure permission may exploit this vulnerability to inject malicious scripts, potentially compromising the security of affected systems.
Affected Version(s)
Jenkins Matrix Project Plugin <= 1.19
Jenkins Matrix Project Plugin 1.18.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved