Vulnerability in Jenkins Project Gitlab Plugin
CVE-2022-34777
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure…
EPSS: 0.724 (99.4th percentile) — read the EPSS interpretation.
Affected products
- Jenkins Project Gitlab Plugin — versions unspecified
Public proof-of-concept exploits
References
- www.jenkins.io/security/advisory/2022-06-30/ (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2022-34777?
- CVE-2022-34777 is a vulnerability in Jenkins Project Gitlab Plugin. Published 2022-06-30.
- Is CVE-2022-34777 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.