Moderate severityNVD Advisory· Published Apr 12, 2022· Updated Aug 3, 2024

CVE-2022-29041

Description

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins:jiraMaven	>= 3.7.0, < 3.7.1	3.7.1
org.jenkins-ci.plugins:jiraMaven	< 3.6.1	3.6.1

Affected products

ghsa-coords
pkg:maven/org.jenkins-ci.plugins/jira
Range: >= 3.7.0, < 3.7.1
Jenkins Project/Jira Plugincpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-m3p3-2gp6-ghq8ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-29041ghsaADVISORY
github.com/jenkinsci/jira-plugin/commit/e1eed0d64b4e32ce84946d632dab76c3f0ff6c4eghsaWEB
www.jenkins.io/security/advisory/2022-04-12/ghsax_refsource_CONFIRMWEB

News mentions

Jenkins Security Advisory 2022-04-12
Jenkins Security Advisories · Apr 12, 2022

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000