{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T08:39:25.645","vulnerabilities":[{"cve":{"id":"CVE-2022-34173","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2022-06-23T17:15:15.447","lastModified":"2024-11-21T07:09:00.063","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission."},{"lang":"es","value":"En Jenkins versiones 2.340 hasta 2.355 (ambas incluyéndolas) el tooltip del botón de construcción en las visualizaciones de lista soporta HTML sin escapar el nombre de visualización del trabajo, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) explotable por atacantes con permiso Job/Configure"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*","versionStartIncluding":"2.340","versionEndIncluding":"2.355","matchCriteriaId":"18C61399-BA26-4217-94FE-76CB208401DA"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]},{"url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}