vulnerability
Jenkins Advisory 2022-01-12: CVE-2022-20615: Stored XSS vulnerability in Matrix Project Plugin
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Jan 13, 2022 | Jan 13, 2022 | Aug 11, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Jan 13, 2022
Added
Jan 13, 2022
Modified
Aug 11, 2025
Description
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
Solutions
jenkins-lts-upgrade-2_319_2jenkins-upgrade-2_330
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.