Jenkins Maven Metadata Plugin <=2.2 Stored XSS via unvalidated URL
CVE-2022-36905 Published on July 27, 2022

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

NVD

Products Associated with CVE-2022-36905

Want to know whenever a new CVE is published for Jenkins Maven Metadata? stack.watch will email you.

Jenkins Maven Metadata

Affected Versions

Jenkins project Jenkins Maven Metadata Plugin for Jenkins CI server Plugin:

Version unspecified, <= 2.2 is affected.
Version next of 2.2 and below unspecified is unknown.

Exploit Probability

EPSS

0.56%

Percentile

68.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Maven Metadata Plugin <=2.2 Stored XSS via unvalidated URLCVE-2022-36905 Published on July 27, 2022

Products Associated with CVE-2022-36905

Affected Versions

Exploit Probability

Jenkins Maven Metadata Plugin <=2.2 Stored XSS via unvalidated URL
CVE-2022-36905 Published on July 27, 2022