Vulnerability in Jenkins Project Plot Plugin
CVE-2022-34783
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
EPSS: 0.804 (99.6th percentile) — read the EPSS interpretation.
Affected products
- Jenkins Project Plot Plugin — versions unspecified, next of 2.1.10
References
- www.jenkins.io/security/advisory/2022-06-30/ (x_refsource_CONFIRM)