CVE-2022-30956 is a vulnerability in Jenkins Rundeck
Published on May 17, 2022
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.
Products Associated with CVE-2022-30956
Want to know whenever a new CVE is published for Jenkins Rundeck? stack.watch will email you.
Affected Versions
Jenkins project Jenkins Rundeck Plugin:- Version unspecified, <= 3.6.10 is affected.
Exploit Probability
EPSS
10.86%
Percentile
93.30%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.