Home > Vulnerability Database > CVE-2022-36905

Mend.io Vulnerability Database

CVE-2022-36905

Date: July 27, 2022

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Language: Java

Severity Score

5.4

Related Resources (5)

Url: https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-36905

Url: https://github.com/jenkinsci/maven-metadata-plugin

Url: http://www.openwall.com/lists/oss-security/2022/07/27/1

Url: https://www.mend.io/vulnerability-database/CVE-2022-36905

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-36905

Date: July 27, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?