Moderate severityNVD Advisory· Published Jan 12, 2022· Updated Aug 3, 2024
CVE-2022-20615
CVE-2022-20615
Description
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:matrix-projectMaven | >= 1.19, < 1.20 | 1.20 |
org.jenkins-ci.plugins:matrix-projectMaven | < 1.18.1 | 1.18.1 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-vqwg-4v6f-h6x5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-20615ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/01/12/6ghsamailing-listx_refsource_MLISTWEB
- github.com/CVEProject/cvelist/blob/2d78eb36f4d084db7fb35f1535d8d84fdcb7d859/2022/20xxx/CVE-2022-20615.jsonghsaWEB
- github.com/jenkinsci/matrix-project-plugin/commit/78cc60556304965ffb2dd8c017bf61d4f153f5eaghsaWEB
- www.jenkins.io/security/advisory/2022-01-12/ghsax_refsource_CONFIRMWEB
- www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB
News mentions
1- Jenkins Security Advisory 2022-01-12Jenkins Security Advisories · Jan 12, 2022