GHSA-rvg5-f5fj-mxvg
GitHub Security Advisory
Cross-site Scripting in Jenkins Credentials Plugin
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Affected Packages
Maven: org.jenkins-ci.plugins:credentials, affected versions: 0 (fixed in 2.6.1.1)
Maven: org.jenkins-ci.plugins:credentials, affected versions: 2.6.2 (fixed in 1074.1076.v39c30cecb_0e2)
Maven: org.jenkins-ci.plugins:credentials, affected versions: 1087.v16065d268466 (fixed in 1087.1089.v2f1b_9a_b_040e4)
Maven: org.jenkins-ci.plugins:credentials, affected versions: 1105 (last affected: 1111.v35a)
Key Information
5.0/10
Dataset
Last updated: August 25, 2025 6:33 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.