CVE-2022-27207

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Configurations

Configuration 1

cpe:2.3:a:jenkins:global-build-stats:*:*:*:*:*:jenkins:*:*

Information

Published : 2022-03-15 05:15

Updated : 2022-03-23 02:34


NVD link : CVE-2022-27207

Mitre link : CVE-2022-27207

Products Affected
No products.
CWE