Stored Cross-Site Scripting Vulnerability in Jenkins Agent Server Parameter Plugin
CVE-2022-25191
5.4MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 15 February 2022
What is CVE-2022-25191?
The Jenkins Agent Server Parameter Plugin, up to version 1.0, is susceptible to a stored cross-site scripting (XSS) vulnerability. This flaw arises from the failure to properly escape parameter names in agent server parameters. Consequently, an attacker with Item/Configure permission may exploit this vulnerability to inject malicious scripts, potentially compromising user data and applications. It underscores the importance of securing plugins and validating inputs to prevent such security breaches.
Affected Version(s)
Jenkins Agent Server Parameter Plugin <= 1.0