FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- XSS vulnerability

Affected packages
jenkins < 2.370


VuXML ID c2a89e8f-44e9-11ed-9215-00e081b7aa2d
Discovery 2022-09-21
Entry 2022-10-05
Modified 2022-10-07

Jenkins Security Advisory:


(High) SECURITY-2886 / CVE-2022-41224

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.

Jenkins 2.370 escapes tooltips of the l:helpIcon UI component.


CVE Name CVE-2022-41224