Moderate severity · NVD Advisory · Published Mar 15, 2022 · Updated Aug 3, 2024
CVE-2022-27196
Description
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jvnet.hudson.plugins:favorite (Maven) | < 2.4.1 | 2.4.1 |
Affected products
- Range: unspecified
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-874r-46c6-7p4r (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-27196 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2022/03/15/2 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- github.com/jenkinsci/favorite-plugin/commit/543a4d87c4fade02173f793905a99adec517bc3b (ghsa, WEB)
- www.jenkins.io/security/advisory/2022-03-15/ (ghsa, x_refsource_CONFIRM, WEB)
News mentions
- Jenkins Security Advisory 2022-03-15 · Jenkins Security Advisories · Mar 15, 2022