CVE-2022-41224

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.main/jenkins-core

Identifiers

CVE-2022-41224

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.

Affected Versions

All versions starting from 2.367 before 2.370

Solution

Upgrade to version 2.370 or above.

Last Modified

2022-09-23
