Vulnerabilities > Jenkins > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-12 | CVE-2022-29040 | Cross-site Scripting vulnerability in Jenkins GIT Parameter: Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29041 | Cross-site Scripting vulnerability in Jenkins Jira: Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29042 | Cross-site Scripting vulnerability in Jenkins JOB Generator: Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29043 | Cross-site Scripting vulnerability in Jenkins Mask Passwords: Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29044 | Cross-site Scripting vulnerability in Jenkins Node and Label Parameter: Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29045 | Cross-site Scripting vulnerability in Jenkins Promoted Builds: Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29046 | Cross-site Scripting vulnerability in multiple products: Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-04-12 | CVE-2022-29047 | Incorrect Authorization vulnerability in Jenkins Pipeline: Shared Groovy Libraries: Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. | 5.3 |
2022-04-12 | CVE-2022-29048 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. | 4.3 |
2022-04-12 | CVE-2022-29049 | Cross-site Scripting vulnerability in Jenkins Promoted Builds: Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name. | 5.4 |