{"id":"CVE-2022-29045","details":"Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.","aliases":["GHSA-v98r-gjgc-m9pf"],"modified":"2026-04-12T05:04:33.897493Z","published":"2022-04-12T20:15:09.520Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/promoted-builds-plugin","events":[{"introduced":"0"},{"fixed":"5fe37ca6938d34788ce4f77de5dcb27473853331"},{"introduced":"7c3ab83aeb7909201d5af8e7e7adb7d0e1b85632"},{"fixed":"99d29788b36b64118231e13756bbbd7ce32f529f"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"3.10.1"},{"introduced":"867.v7c3a_b_83a_eb_79"},{"fixed":"876.v99d29788b_36b_"}],"cpe":"cpe:2.3:a:jenkins:promoted_builds:*:*:*:*:*:jenkins:*:*"}}],"versions":["867.v7c3a_b_83a_eb_79","873.v6149db_d64130","promoted-builds-1.11","promoted-builds-2.0","promoted-builds-2.1","promoted-builds-2.10","promoted-builds-2.11","promoted-builds-2.12","promoted-builds-2.13","promoted-builds-2.14","promoted-builds-2.15","promoted-builds-2.16","promoted-builds-2.17","promoted-builds-2.18","promoted-builds-2.19","promoted-builds-2.2","promoted-builds-2.20","promoted-builds-2.21","promoted-builds-2.23","promoted-builds-2.23.1","promoted-builds-2.24","promoted-builds-2.24.1","promoted-builds-2.25","promoted-builds-2.26","promoted-builds-2.27","promoted-builds-2.28","promoted-builds-2.28.1","promoted-builds-2.29","promoted-builds-2.29.1","promoted-builds-2.3","promoted-builds-2.3.1","promoted-builds-2.30","promoted-builds-2.31","promoted-builds-2.31.1","promoted-builds-2.4","promoted-builds-2.5","promoted-builds-2.6","promoted-builds-2.6.1","promoted-builds-2.6.2","promoted-builds-2.7","promoted-builds-2.8","promoted-builds-2.9","promoted-builds-3.0","promoted-builds-3.1","promoted-builds-3.10","promoted-builds-3.2","promoted-builds-3.3","promoted-builds-3.4","promoted-builds-3.5","promoted-builds-3.6","promoted-builds-3.7","promoted-builds-3.9","promoted-builds-3.9.1","untagged-0514034a2dbca289d2ca"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29045.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}