Moderate severityNVD Advisory· Published Apr 12, 2022· Updated Aug 3, 2024

CVE-2022-29042

Description

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.plugins:jobgeneratorMaven	<= 1.22	—

Affected products

ghsa-coords
pkg:maven/org.jenkins-ci.plugins/jobgenerator
Range: <= 1.22
Jenkins project/Jenkins Job Generator Pluginv5
Range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-f3jq-9c79-j65mghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-29042ghsaADVISORY
www.jenkins.io/security/advisory/2022-04-12/ghsax_refsource_CONFIRMWEB

News mentions

Jenkins Security Advisory 2022-04-12
Jenkins Security Advisories · Apr 12, 2022

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000