Description
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/07/27/1
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686
Related Vulnerabilities
CVE-2020-16024 Vulnerability in npm package electron
CVE-2023-22579 Vulnerability in npm package sequelize
CVE-2022-45935 Vulnerability in maven package org.apache.james:james-server-protocols-imap4
CVE-2023-50709 Vulnerability in npm package @cubejs-backend/api-gateway
CVE-2020-11022 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery