Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-27196

UNKNOWN
Published 2022-03-15T16:45:38
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-27196. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins project

Jenkins Favorite Plugin

Affected Versions:

unspecified 2.3.3.1

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin

GHSA-874r-46c6-7p4r

Advisory Details

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.

Affected Packages

Maven org.jvnet.hudson.plugins:favorite
ECOSYSTEM: ≥0 <2.4.1

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-27196
WEB https://github.com/jenkinsci/favorite-plugin/commit/543a4d87c4fade02173f793905a99adec517bc3b
PACKAGE https://github.com/jenkinsci/favorite-plugin
WEB https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2557
WEB http://www.openwall.com/lists/oss-security/2022/03/15/2

Advisory provided by GitHub Security Advisory Database. Published: March 16, 2022, Modified: October 27, 2023

References

https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2557
http://www.openwall.com/lists/oss-security/2022/03/15/2
Published: 2022-03-15T16:45:38
Last Modified: 2024-08-03T05:25:31.127Z
Copied to clipboard!