CVE-2022-29039 is a vulnerability in Jenkins Gerrit Trigger
Published on April 12, 2022
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Products Associated with CVE-2022-29039
Want to know whenever a new CVE is published for Jenkins Gerrit Trigger? stack.watch will email you.
Affected Versions
Jenkins project Jenkins Gerrit Trigger Plugin:- Version unspecified, <= 2.35.2 is affected.
Exploit Probability
EPSS
16.75%
Percentile
94.89%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.