Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GHSA-62wf-24c4-8r76] Cross-site Scripting vulnerability in Jenkins #3976

Merged
merged 1 commit into from
Mar 13, 2024
Merged

[GHSA-62wf-24c4-8r76] Cross-site Scripting vulnerability in Jenkins #3976

merged 1 commit into from
Mar 13, 2024

Conversation

sunSUNQ
Copy link

@sunSUNQ sunSUNQ commented Mar 12, 2024

Updates

  • References
  • Source code location

Comments
Add patch link and source code location related to CVE-2022-34170.

@github-actions github-actions bot changed the base branch from main to sunSUNQ/advisory-improvement-3976 March 12, 2024 08:29
@shelbyc
Copy link
Contributor

shelbyc commented Mar 12, 2024

Hi @sunSUNQ, there appears to be an error in the contribution. jenkinsci/jenkins@f71495a is tagged with SECURITY-2779, but GHSA-62wf-24c4-8r76 is linked to SECURITY-2781.

@sunSUNQ
Copy link
Author

sunSUNQ commented Mar 13, 2024

Hello, in the security advisory, it mentions: SECURITY-2781 / CVE-2022-34170 (SECURITY-2779), CVE-2022-34171 (SECURITY-2761), CVE-2022-34172 (SECURITY-2776), CVE-2022-34173 (SECURITY-2780). I believe CVE-2022-34170 and SECURITY-2779 are related.

@shelbyc
Copy link
Contributor

shelbyc commented Mar 13, 2024

I see SECURITY-2779 (CVE-2022-34170): Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for [SECURITY-1955](https://www.jenkins.io/security/advisory/2020-08-12/#SECURITY-1955). now. Thank you for the clarification.

@advisory-database advisory-database bot merged commit 1c747fa into sunSUNQ/advisory-improvement-3976 Mar 13, 2024
2 checks passed
@advisory-database advisory-database bot deleted the sunSUNQ-GHSA-62wf-24c4-8r76 branch March 13, 2024 18:04
@advisory-database
Copy link
Contributor

Hi @sunSUNQ! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sunSUNQ @shelbyc