High severityNVD Advisory· Published May 17, 2022· Updated Aug 3, 2024
CVE-2022-30970
CVE-2022-30970
Description
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:autocomplete-parameterMaven | <= 1.1 | — |
Affected products
2- Jenkins project/Jenkins Autocomplete Parameter Pluginv5Range: unspecified
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-cj9j-v8jp-6hm9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-30970ghsaADVISORY
- www.jenkins.io/security/advisory/2022-05-17/ghsax_refsource_CONFIRMWEB
News mentions
1- Jenkins Security Advisory 2022-05-17Jenkins Security Advisories · May 17, 2022