Vulnerability Description
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Maven Metadata | <= 2.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/07/27/1Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686Vendor Advisory
- http://www.openwall.com/lists/oss-security/2022/07/27/1Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686Vendor Advisory
FAQ
What is CVE-2022-36905?
CVE-2022-36905 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored...
How severe is CVE-2022-36905?
CVE-2022-36905 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36905?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Maven Metadata.