Is CVE-2022-29036 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project Credentials Plugin

CVE-2022-29036

Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, result…

EPSS: 0.815 (99.6th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project Credentials Plugin — versions 2.6.1.1, 1074.1076.v39c30cecb_0e2, 1087.1089.v2f1b_9a_b_040e4

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/cvemon

References

www.jenkins.io/security/advisory/2022-04-12/

Frequently asked questions

What is CVE-2022-29036?: CVE-2022-29036 is a vulnerability in Jenkins Project Credentials Plugin. Published 2022-04-12.
Is CVE-2022-29036 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.