Stored Cross-Site Scripting in Jenkins Folder-Based Authorization Strategy Plugin
CVE-2022-27200

4.8MEDIUM

What is CVE-2022-27200?

The Folder-based Authorization Strategy Plugin for Jenkins prior to version 1.4 fails to properly escape role names displayed on its configuration form. This flaw allows attackers with Overall/Administer permissions to inject malicious scripts into the configuration interface, leading to stored cross-site scripting vulnerabilities that could compromise the security of the application and its users.

Affected Version(s)

Jenkins Folder-based Authorization Strategy Plugin <= 1.3

References

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.