VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.332

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.332

Essentials
History (1)

purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.332

Next non-vulnerable version	2.332.4
Latest non-vulnerable version	2.555
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-uwfz-czcp-qyd9 Aliases: CVE-2022-34172 GHSA-mhp7-3393-pfqr	Cross-site Scripting vulnerability in Jenkins Since Jenkins 2.340, symbol-based icons unescape previously escaped values of `tooltip` parameters. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescape values of `tooltip` parameters.	2.332.4 Affected by 0 other vulnerabilities. 2.356 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-uwfz-czcp-qyd9
Aliases:
CVE-2022-34172
GHSA-mhp7-3393-pfqr

Cross-site Scripting vulnerability in Jenkins Since Jenkins 2.340, symbol-based icons unescape previously escaped values of `tooltip` parameters. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescape values of `tooltip` parameters.

2.332.4
Affected by 0 other vulnerabilities.

2.356
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:02:42.827037+00:00	GHSA Importer	Affected by	VCID-uwfz-czcp-qyd9	https://github.com/advisories/GHSA-mhp7-3393-pfqr	38.0.0