Mend Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-34170

Good to know:

icon
icon

Date: June 23, 2022

In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Language: Java

Severity Score

Related Resources (4)

http://www.openwall.com/lists/oss-security/2022/06/22/3
https://nvd.nist.gov/vuln/detail/CVE-2022-34170
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781
https://www.mend.io/vulnerability-database/CVE-2022-34170

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version org.jenkins-ci.main:jenkins-core:2.356,2.332.4,2.346.1

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):
Integrity (I):
Availability (A):

Do you need more information?

Contact Us