Reflected Cross-Site Scripting Vulnerability in Jenkins Nested View Plugin
CVE-2022-34182
6.1 MEDIUM
Summary
The Nested View Plugin for Jenkins, versions 1.20 through 1.25, is vulnerable to reflected cross-site scripting (XSS) attacks due to improper escaping of search parameters. This vulnerability allows attackers to inject malicious scripts into the search fields, potentially leading to unauthorized actions on behalf of users. It is essential for Jenkins administrators to upgrade the plugin to a secure version to mitigate potential risks.
Affected Version(s)
Jenkins Nested View Plugin 1.20
Jenkins Nested View Plugin <= 1.25
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved