vulnerability

FreeBSD: VID-c2a89e8f-44e9-11ed-9215-00e081b7aa2d (CVE-2022-41224): jenkins -- XSS vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:P/I:P/A:N)	Oct 5, 2022	Nov 4, 2022	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:N)

Published

Oct 5, 2022

Added

Nov 4, 2022

Modified

Dec 10, 2025

Description

Jenkins Security Advisory: Description (High) SECURITY-2886 / CVE-2022-41224 Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. Jenkins 2.370 escapes tooltips of the l:helpIcon UI component.

Solution

freebsd-upgrade-package-jenkins

References

CVE-2022-41224
https://attackerkb.com/topics/CVE-2022-41224
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today