Moderate severity · NVD Advisory · Published Mar 15, 2022 · Updated Aug 3, 2024
CVE-2022-27200
Description
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.jenkins.plugins:folder-auth (Maven) | < 1.4 | 1.4 |
Affected products (2)
- Jenkins project / Jenkins Folder-based Authorization Strategy Plugin (v5) · Range: unspecified
References (6)
- github.com/advisories/GHSA-5vjc-qx43-r747 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-27200 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2022/03/15/2 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- github.com/jenkinsci/folder-auth-plugin/commit/085df580c22902820ebba77b1201fabff098efc4 (ghsa, WEB)
- github.com/jenkinsci/folder-auth-plugin/security/advisories/GHSA-5vjc-qx43-r747 (ghsa, WEB)
- www.jenkins.io/security/advisory/2022-03-15/ (ghsa, x_refsource_CONFIRM, WEB)
News mentions (1)
- Jenkins Security Advisory 2022-03-15 · Jenkins Security Advisories · Mar 15, 2022