Stored Cross-Site Scripting Vulnerability in Jenkins Jira Plugin
CVE-2022-29041

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Jira Plugin
Vendor: CVE Published:; 12 April 2022

What is CVE-2022-29041?

The Jira Plugin for Jenkins, versions 3.7 and earlier (excluding version 3.6.1), contains a vulnerability that allows attackers with Item/Configure permissions to exploit stored cross-site scripting (XSS). This occurs due to inadequate escaping of the name and description parameters related to Jira Issues and Releases, affecting views that display these parameters. Successful exploitation can lead to unauthorized access and potential manipulation of user sessions, making it critical for users to update their plugins to the latest secure version.

Affected Version(s)

Jenkins Jira Plugin <= 3.7

Jenkins Jira Plugin 3.6.1

References

https://www.jenkins.io/security/advisory/2022-04-12/#SECU...

x_refsource_CONFIRM

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Apr 11, 2022