vulnerability

Red Hat OpenShift: CVE-2022-29041: Jira: Stored XSS vulnerabilities in Jenkins Jira plugin

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Apr 12, 2022	May 20, 2022	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Apr 12, 2022

Added

May 20, 2022

Modified

Aug 11, 2025

Description

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Solution

linuxrpm-upgrade-jenkins-2-plugins

References

CVE-2022-29041
https://attackerkb.com/topics/CVE-2022-29041
CWE-79
REDHAT-RHSA-2022:1600
REDHAT-RHSA-2022:2205

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today