CVE-2022-46686
Last modified
CVE-2022-46686 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Custom Build Properties | <= 2.79.vc095ccc85094 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-46686?
How severe is CVE-2022-46686?
How do I fix CVE-2022-46686?
Are you affected by CVE-2022-46686?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST