CVE-2022-36905
27.07.2022, 15:15
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
| Vendor | Product | Version |
|---|---|---|
| jenkins | maven_metadata | 𝑥 ≤ 2.2 |
𝑥
= Vulnerable software versions