FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- XSS vulnerability

Affected packages
jenkins < 2.370

Details

VuXML ID: c2a89e8f-44e9-11ed-9215-00e081b7aa2d
Discovery: 2022-09-21
Entry: 2022-10-05
Modified: 2022-10-07

Jenkins Security Advisory:

Description

(High) SECURITY-2886 / CVE-2022-41224

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.

Jenkins 2.370 escapes tooltips of the l:helpIcon UI component.
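The following is an added illustration of the defect class the advisory describes, not code from Jenkins or from the FreeBSD port. The markup shape, the function names and the sample tooltip are assumptions constructed for this example; the real l:helpIcon template is not reproduced here. It renders the same help-icon markup twice, once with the tooltip inserted verbatim (the 2.367 to 2.369 behaviour) and once with the tooltip HTML-escaped (the 2.370 behaviour), then inspects what a browser would see as the attribute value and how many tags the markup contains.

```javascript
// Added example (not Jenkins' own code). Demonstrates why an unescaped
// tooltip attribute becomes stored XSS and how escaping prevents it.
// The <span title="..."> shape below is an assumed stand-in for l:helpIcon.

// Minimal HTML escaper covering the characters that can terminate an
// attribute value or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Inverse of escapeHtml for the same five entities; approximates what a
// browser does when it reads an attribute value back out of the markup.
function decodeEntities(s) {
  const map = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
  return String(s).replace(/&(amp|lt|gt|quot|#39);/g, (e) => map[e]);
}

// "Before": the tooltip goes into the attribute verbatim. Any quote or angle
// bracket in attacker-controlled tooltip text rewrites the surrounding markup.
function renderHelpIconUnescaped(tooltip) {
  return `<span class="help-icon" title="${tooltip}">?</span>`;
}

// "After": every dynamic value is escaped before it reaches the markup, so the
// tooltip can only ever be attribute text.
function renderHelpIconEscaped(tooltip) {
  return `<span class="help-icon" title="${escapeHtml(tooltip)}">?</span>`;
}

// Assumed helper: the value a browser would assign to title, i.e. everything
// between title=" and the next double quote.
function titleAttribute(html) {
  const m = /title="([^"]*)"/.exec(html);
  return m ? m[1] : null;
}

// Assumed helper: number of tags in the markup. A correct help icon has
// exactly two (the opening and closing span) whatever the tooltip contains.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed tooltip: ordinary help text that happens to contain a quote and
// angle brackets. Anyone who can control the tooltip can supply such input.
const SAMPLE_TOOLTIP = 'Click "Apply" before <b>Save</b>';

const before = renderHelpIconUnescaped(SAMPLE_TOOLTIP);
const after = renderHelpIconEscaped(SAMPLE_TOOLTIP);

console.log('unescaped markup :', before);
console.log('  title seen     :', JSON.stringify(titleAttribute(before)), 'tags:', countTags(before));
console.log('escaped markup   :', after);
console.log('  title seen     :', JSON.stringify(decodeEntities(titleAttribute(after))), 'tags:', countTags(after));
```

In the unescaped render the first embedded quote ends the title attribute early and the `<b>` inside the tooltip becomes a real element, which is the stored XSS condition; in the escaped render the browser decodes the attribute back to the original tooltip text and the markup still contains exactly the two span tags the template emitted. When reviewing a patch for this bug class, the check is the same one this example performs: every dynamic value that lands in markup must pass through an escaper appropriate for its context.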

References

CVE Name: CVE-2022-41224
URL: https://www.jenkins.io/security/advisory/2022-09-21/