Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.

Nested View Plugin 1.26 escapes search parameters

Affected Packages

Maven org.jenkins-ci.plugins:nested-view

Affected versions: 1.20 (fixed in 1.26)

Related CVEs

CVE-2022-34182

Key Information

GHSA ID

GHSA-h642-5h74-3x9c

Published

June 24, 2022 12:00 AM

Last Modified

December 5, 2022 10:29 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:nested-view

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.