Vulnerability Description
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Subversion | <= 2.15.3 |
| Apple | Macos | >= 12.0, < 12.5 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2022/Jul/18Mailing ListThird Party Advisory
- https://support.apple.com/kb/HT213345Third Party Advisory
- https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617Vendor Advisory
- http://seclists.org/fulldisclosure/2022/Jul/18Mailing ListThird Party Advisory
- https://support.apple.com/kb/HT213345Third Party Advisory
- https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617Vendor Advisory
FAQ
What is CVE-2022-29046?
CVE-2022-29046 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scr...
How severe is CVE-2022-29046?
CVE-2022-29046 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29046?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Subversion, Apple Macos.