Vulnerability in Jenkins Matrix Project Plugin
CVE-2022-20615
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configur…
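The description above is the whole bug: a name or description that an agent-configuring user controls is written into the plugin's HTML without escaping, so it executes in every browser that views the page. The following is an added example, not code from Jenkins or the Matrix Project Plugin; it models the flaw with a constructed table renderer, shows the escaped form beside it, and includes a small audit helper that flags stored names containing HTML metacharacters. The label records and the function names are assumptions for illustration.

```javascript
// Added example (not Jenkins/plugin code): a minimal model of the stored XSS
// described in CVE-2022-20615. A matrix-project view renders configured
// node/label names and label descriptions into HTML; if those strings are
// interpolated verbatim, a value like "<img src=x onerror=...>" becomes live
// markup for every visitor. Record shapes and names below are constructed.

// Vulnerable renderer: untrusted strings are concatenated straight into markup.
function renderLabelRowUnsafe(label) {
  return `<tr><td>${label.name}</td><td>${label.description}</td></tr>`;
}

// Minimal HTML entity escaping suitable for text nodes and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened renderer: every attacker-influenced value is escaped first.
function renderLabelRowSafe(label) {
  return `<tr><td>${escapeHtml(label.name)}</td><td>${escapeHtml(label.description)}</td></tr>`;
}

// Audit helper: return the labels whose name or description contains HTML
// metacharacters. Useful for reviewing stored data on an instance that ran the
// affected versions, since a fix stops new injection but not existing payloads.
function findSuspiciousLabels(labels) {
  const meta = /[<>"'&]/;
  return labels.filter((l) => meta.test(l.name) || meta.test(l.description));
}

// Constructed sample data: one benign label and one carrying a payload.
const SAMPLE_LABELS = [
  { name: 'linux', description: 'Ubuntu build agents' },
  { name: 'win<img src=x onerror=alert(document.domain)>', description: 'malicious name' },
];

// Stand-alone demonstration of the difference between the two renderers.
for (const label of SAMPLE_LABELS) {
  console.log('unsafe:', renderLabelRowUnsafe(label));
  console.log('safe:  ', renderLabelRowSafe(label));
}
console.log('flagged:', findSuspiciousLabels(SAMPLE_LABELS).map((l) => l.name));
```

The unsafe row for the second label contains a literal `<img ... onerror=...>` element, while the safe row contains only `&lt;img ...&gt;` text. The escaping is applied at the output boundary, which is the fix pattern the advisory describes (escaping HTML metacharacters in the rendered names and descriptions) rather than input filtering, since label names may legitimately need characters that are only dangerous in an HTML context.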
EPSS: 0.818 (99.6th percentile)
Affected products
- Jenkins Matrix Project Plugin: 1.19 and earlier per the description above (indexed version entries: unspecified, 1.18.1)
Public proof-of-concept exploits
References
- https://www.jenkins.io/security/advisory/2022-01-12/ (vendor advisory, x_refsource_CONFIRM)
- oss-security, 2022-01-12: Multiple vulnerabilities in Jenkins and Jenkins plugins (mailing list, x_refsource_MLIST)
- https://www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-20615?
- CVE-2022-20615 is a stored cross-site scripting (XSS) vulnerability in the Jenkins Matrix Project Plugin, versions 1.19 and earlier, caused by unescaped HTML metacharacters in node and label names and label descriptions. Published 2022-01-12.
- Is CVE-2022-20615 known to be exploited?
- One public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.