Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2022-20615

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • Jenkins project

Products

  • Jenkins Matrix Project Plugin

Additional Info

Technical Analysis