Cross-Site Scripting Flaw in Jenkins Project Inheritance Plugin
CVE-2022-34787

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Inheritance Plugin
Vendor: CVE Published:; 30 June 2022

Summary

The Jenkins Project Inheritance Plugin up to version 21.04.03 contains an XSS vulnerability where the reason for blocking a build is not properly escaped in tooltips. This flaw allows attackers who can control the reason a queue item is blocked to inject malicious scripts into the web interface, potentially compromising the security of the Jenkins environment and the data processed within.

Affected Version(s)

Jenkins Project Inheritance Plugin <= 21.04.03

References

https://www.jenkins.io/security/advisory/2022-06-30/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 30, 2022
Vulnerability Reserved
Jun 29, 2022