Stored Cross-Site Scripting Vulnerability in Jenkins Plot Plugin
CVE-2022-34783

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Plot Plugin
Vendor: CVE Published:; 30 June 2022

Summary

The Jenkins Plot Plugin, specifically versions up to 2.1.10, exhibits a security flaw due to improper escaping of plot descriptions. This vulnerability allows attackers with Item/Configure permissions to inject malicious scripts, leading to stored cross-site scripting attacks. An exploited XSS can result in unauthorized data access or manipulation, making it essential for users of affected versions to implement immediate security measures.

Affected Version(s)

Jenkins Plot Plugin <= 2.1.10

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 30, 2022
Vulnerability Reserved
Jun 29, 2022