High severityNVD Advisory· Published Jun 22, 2022· Updated Aug 3, 2024
CVE-2022-34170
CVE-2022-34170
Description
In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | >= 2.350, < 2.356 | 2.356 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.320, < 2.332.4 | 2.332.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.346, < 2.346.1 | 2.346.1 |
Affected products
3- osv-coords2 versions
>= 2.320.0, < 2.355.1+ 1 more
- (no CPE)range: >= 2.320.0, < 2.355.1
- (no CPE)range: >= 2.350, < 2.356
- Range: 2.320
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-62wf-24c4-8r76ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-34170ghsaADVISORY
- github.com/jenkinsci/jenkins/commit/f71495a63f8b861e8ca3a5fcf5cc931fce55bc57ghsaWEB
- www.jenkins.io/security/advisory/2022-06-22/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.