vulnerability

Jenkins Advisory 2022-06-22: CVE-2022-34170: CVE-2022-34171: CVE-2022-34172: CVE-2022-34173: Multiple XSS vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jun 23, 2022	Jul 12, 2022	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jun 23, 2022

Added

Jul 12, 2022

Modified

Aug 11, 2025

Description

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Solutions

jenkins-lts-upgrade-2_332_4jenkins-upgrade-2_356

References

CVE-2022-34170
https://attackerkb.com/topics/CVE-2022-34170
CVE-2022-34171
https://attackerkb.com/topics/CVE-2022-34171
CVE-2022-34172
https://attackerkb.com/topics/CVE-2022-34172
CVE-2022-34173
https://attackerkb.com/topics/CVE-2022-34173
CWE-79
URL-https://jenkins.io/security/advisory/2022-06-22/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today