Stored Cross-Site Scripting Vulnerability in Jenkins Plot Plugin
CVE-2022-34783

5.4MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Plot Plugin
Vendor
CVE Published:
30 June 2022
đź”” Create Jenkins Vulnerability Alert

What is CVE-2022-34783?

The Jenkins Plot Plugin, specifically versions up to 2.1.10, exhibits a security flaw due to improper escaping of plot descriptions. This vulnerability allows attackers with Item/Configure permissions to inject malicious scripts, leading to stored cross-site scripting attacks. An exploited XSS can result in unauthorized data access or manipulation, making it essential for users of affected versions to implement immediate security measures.

Affected Version(s)

Jenkins Plot Plugin <= 2.1.10

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECU...
x_refsource_CONFIRM

EPSS Score

64% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.