CVE-2022-29041
Description
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
13.845
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-16541 and CVE-2022-29041 affect Atlassian Jira 3.0.10 | Windows |
| Vulnerability CVE-2022-29041 is fixed in Jenkins - jira 3.7.1 | Windows |
| Vulnerability CVE-2022-29041 is fixed in Jenkins - jira 3.6.1 | Windows |
| Vulnerability CVE-2022-29041 is fixed in Jenkins - jira for Linux 3.7.1 | Linux |
| Vulnerability CVE-2022-29041 is fixed in Jenkins - jira for Linux 3.6.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234