CVE-2022-34194

MEDIUM

Jenkins Readonly Parameter Plugin <1.0.0 - XSS

Title source: llm
STIX 2.1

Description

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.1755
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
jenkins/readonly_parameter < 1.0.0
org.jenkins-ci.plugins/readonly-parameters 0Maven
Published Jun 23, 2022
Tracked Since Feb 18, 2026