VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.320

Search for packages

Vulnerability	Summary	Fixed by
VCID-gua8-x599-fqad Aliases: CVE-2022-34170 GHSA-62wf-24c4-8r76	Cross-site Scripting vulnerability in Jenkins Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for [SECURITY-1955](https://www.jenkins.io/security/advisory/2020-08-12/#SECURITY-1955). This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability, the feature name in help icon tooltips is now escaped.	2.332.4 Affected by 0 other vulnerabilities. 2.346.1 Affected by 0 other vulnerabilities. 2.356 Affected by 0 other vulnerabilities.
VCID-vq51-xhq4-d7dj Aliases: CVE-2022-20612 GHSA-p92q-7fhh-mq35	Cross-Site Request Forgery (CSRF) A cross-site request forgery (CSRF) vulnerability in Jenkins allows attackers to trigger build of job without parameters when no security realm is set.	2.330 Affected by 0 other vulnerabilities.
VCID-wrub-pwdz-qkhz Aliases: CVE-2022-0538 GHSA-34wx-x2w9-vqm3	Deserialization of Untrusted Data Jenkins defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.	2.334 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gua8-x599-fqad
Aliases:
CVE-2022-34170
GHSA-62wf-24c4-8r76

Cross-site Scripting vulnerability in Jenkins Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for [SECURITY-1955](https://www.jenkins.io/security/advisory/2020-08-12/#SECURITY-1955). This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability, the feature name in help icon tooltips is now escaped.

2.332.4
Affected by 0 other vulnerabilities.

2.346.1
Affected by 0 other vulnerabilities.

2.356
Affected by 0 other vulnerabilities.

VCID-vq51-xhq4-d7dj
Aliases:
CVE-2022-20612
GHSA-p92q-7fhh-mq35

Cross-Site Request Forgery (CSRF) A cross-site request forgery (CSRF) vulnerability in Jenkins allows attackers to trigger build of job without parameters when no security realm is set.

2.330
Affected by 0 other vulnerabilities.

VCID-wrub-pwdz-qkhz
Aliases:
CVE-2022-0538
GHSA-34wx-x2w9-vqm3

Deserialization of Untrusted Data Jenkins defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.

2.334
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:27:12.152537+00:00	GitLab Importer	Affected by	VCID-gua8-x599-fqad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2022-34170.yml	38.1.0
2026-04-01T16:02:42.801167+00:00	GHSA Importer	Affected by	VCID-gua8-x599-fqad	https://github.com/advisories/GHSA-62wf-24c4-8r76	38.0.0
2026-04-01T15:59:45.448566+00:00	GHSA Importer	Affected by	VCID-wrub-pwdz-qkhz	https://github.com/advisories/GHSA-34wx-x2w9-vqm3	38.0.0
2026-04-01T15:59:23.493324+00:00	GHSA Importer	Affected by	VCID-vq51-xhq4-d7dj	https://github.com/advisories/GHSA-p92q-7fhh-mq35	38.0.0