CVE-2022-20615 in Jenkins and Oracle Products
Published on January 12, 2022

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

NVD

Products Associated with CVE-2022-20615

stack.watch emails you whenever new vulnerabilities are published in Jenkins Matrix Project or Oracle Communications Cloud Native Core Automated Test Suite. Just hit a watch button to start following.

Jenkins Matrix Project

Oracle Communications Cloud Native Core Automated Test Suite

Affected Versions

Jenkins project Jenkins Matrix Project Plugin:

Version unspecified, <= 1.19 is affected.
Version 1.18.1 is unaffected.

Exploit Probability

EPSS

2.89%

Percentile

86.09%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-20615 in Jenkins and Oracle ProductsPublished on January 12, 2022

Products Associated with CVE-2022-20615

Affected Versions

Exploit Probability

CVE-2022-20615 in Jenkins and Oracle Products
Published on January 12, 2022