CVE-2022-34170

In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Published: Jun 23, 2022
Updated: May 9, 2024
CVE: CVE-2022-34170
GHSA: GHSA-62wf-24c4-8r76
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79
CWE-22

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)
A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	2.332.1	2.332.3.x
jenkins / jenkins	2.320	2.355.x
org.jenkins-ci.main / jenkins-core	2.350	2.356
org.jenkins-ci.main / jenkins-core	2.320	2.332.4
org.jenkins-ci.main / jenkins-core	2.346	2.346.1

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781

Vulnerability Database

289,599

CVE-2022-34170