{"id":"CVE-2022-29043","details":"Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.","aliases":["GHSA-pjm3-f4vh-3h3h"],"modified":"2026-05-28T04:08:44.503048422Z","published":"2022-04-12T20:15:09.420Z","database_specific":{},"references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/mask-passwords-plugin","events":[{"introduced":"0"},{"last_affected":"9c0508c62d5a14e60f3289e7e1c392b6be0bf215"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"3.0"}],"cpe":"cpe:2.3:a:jenkins:mask_passwords:*:*:*:*:*:jenkins:*:*","source":"CPE_RANGE"}}],"versions":["mask-passwords-3.0","mask-passwords-2.13","mask-passwords-2.12.0","mask-passwords-2.11.0","mask-passwords-2.10.1","mask-passwords-2.10","mask-passwords-2.9","mask-passwords-2.8","mask-passwords-2.7.4","mask-passwords-2.7.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29043.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}