{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T07:22:25.124","vulnerabilities":[{"cve":{"id":"CVE-2022-34171","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2022-06-23T17:15:15.317","lastModified":"2024-11-21T07:08:59.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability."},{"lang":"es","value":"En Jenkins versiones 2.321 hasta 2.355 (ambas incluidas) y LTS 2.332.1 hasta LTS 2.332.3 (ambas incluidas), la salida HTML generada para los nuevos iconos SVG basados en símbolos incluye el atributo \"title\" de \"l:ionicon\" (hasta Jenkins 2.334) y el atributo \"alt\" de \"l:icon\" (desde Jenkins 2.335) sin escape adicional, lo que resulta en una vulnerabilidad de tipo cross-site scripting (XSS)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","versionStartIncluding":"2.321","versionEndIncluding":"2.355","matchCriteriaId":"F055D690-ECCB-48ED-B2B6-5CC494339B7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","versionStartIncluding":"2.332.1","versionEndIncluding":"2.332.3","matchCriteriaId":"646A12CD-0089-49E6-9F17-E7C965BA131F"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]},{"url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}