CVE-2022-29046

Updated: 2024-11-30 03:34:58.873549

Description:

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x LOW 3.5
CVSS Version 3.x MEDIUM 5.4

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS subversion 1.6.11 5.4 MEDIUM Ignored 2022-04-21 07:04:37
CentOS 8.4 ELS subversion 1.10.2 5.4 MEDIUM Ignored 2022-04-21 07:04:37
CentOS 8.5 ELS subversion 1.10.2 5.4 MEDIUM Ignored 2022-04-24 12:48:26
CloudLinux 6 ELS subversion 1.6.11 5.4 MEDIUM Ignored 2022-04-21 07:04:37
Oracle Linux 6 ELS subversion 1.6.11 5.4 MEDIUM Ignored 2022-04-21 07:04:37
Ubuntu 16.04 ELS subversion 1.9.3-2 5.4 MEDIUM Ignored 2022-04-21 07:04:37
Ubuntu 18.04 ELS subversion 1.9.7-4 5.4 MEDIUM Ignored 2023-06-22 17:07:11