Is CVE-2022-30956 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project Rundeck Plugin

CVE-2022-30956

Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.

EPSS: 0.713 (99.3th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project Rundeck Plugin — versions unspecified

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.jenkins.io/security/advisory/2022-05-17/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-30956?: CVE-2022-30956 is a vulnerability in Jenkins Project Rundeck Plugin. Published 2022-05-17.
Is CVE-2022-30956 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.