5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-29046

GHSA ID

GHSA-wpr6-qvcq-8269

EPSS Score

0.79105%

CWE

CWE-79

Published

4/13/2022

Updated

10/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-29046

CVE-2022-29046: Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Exploitation of this vulnerability requires that parameters are listed on another page, like the "Build With Parameters" and "Parameters" pages provided by Jenkins (core), and that those pages are not hardened to prevent exploitation. Jenkins (core) has prevented exploitation of vulnerabilities of this kind on the "Build With Parameters" and "Parameters" pages since 2.44 and LTS 2.32.2 as part of the SECURITY-353 / CVE-2017-2601 fix.

(GitHub Advisory)

5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-29046

GHSA ID

GHSA-wpr6-qvcq-8269

EPSS Score

0.79105%

CWE

CWE-79

Published

4/13/2022

Updated

10/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:subversion	maven	< 2.15.4	2.15.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unescaped parameter names/descriptions in UI rendering. Jenkins plugins typically use Jelly templates for views, and XSS vulnerabilities in parameter handling are commonly found in these templates. The advisory specifically calls out parameter display pages as the attack vector, implicating the view layer components. While exact file paths aren't available in disclosures, the pattern matches Jenkins plugin architecture where:

Jelly templates in src/main/resources handle HTML rendering
Parameter definition classes in src/main/java manage parameter metadata High confidence in Jelly templates being vulnerable due to the XSS nature; medium confidence in Java methods due to potential data flow involvement.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins Su*v*rsion Plu*in *.**.* *n* **rli*r *o*s not *s**p* t** n*m* *n* **s*ription o* List Su*v*rsion t**s (*n* mor*) p*r*m*t*rs on vi*ws *ispl*yin* p*r*m*t*rs, r*sultin* in * stor** *ross-sit* s*riptin* (XSS) vuln*r**ility *xploit**l* *y *tt**k*r

Reasoning

T** vuln*r**ility st*ms *rom un*s**p** p*r*m*t*r n*m*s/**s*riptions in UI r*n**rin*. J*nkins plu*ins typi**lly us* J*lly t*mpl*t*s *or vi*ws, *n* XSS vuln*r**iliti*s in p*r*m*t*r **n*lin* *r* *ommonly *oun* in t**s* t*mpl*t*s. T** **visory sp**i*i**l

5.4

Basic Information

Concerned about an active attack path?

CVE-2022-29046: Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI