Description
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Jenkins project | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-6289 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
 Github GHSA |
GHSA-8294-mv9c-7m5h | Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin |
References
History
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-08-03T10:14:29.459Z
Reserved: 2022-07-27T00:00:00.000Z
Link: CVE-2022-36905
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-07-27T15:15:10.023
Modified: 2024-11-21T07:14:02.950
Link: CVE-2022-36905
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses