Stored XSS in Jenkins Publish Over SSH Plugin by Cloudbees
CVE-2022-23110

4.8MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Publish Over Ssh Plugin
Vendor: CVE Published:; 12 January 2022

What is CVE-2022-23110?

The Jenkins Publish Over SSH Plugin up to version 1.22 contains a vulnerability due to improper escaping of the SSH server name. This flaw permits attackers with Overall/Administer permissions to exploit the vulnerability, enabling stored cross-site scripting (XSS). When exploited, malicious scripts can be injected and stored, posing a significant risk to users accessing the affected Jenkins instance. Administrators are urged to upgrade to the latest version and implement security best practices to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Publish Over SSH Plugin <= 1.22

References

https://www.jenkins.io/security/advisory/2022-01-12/#SECU...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2022/01/12/6

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 12, 2022
Vulnerability Reserved
Jan 11, 2022

JSON

Jenkins