Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.340
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.340
Next non-vulnerable version 2.346.1
Latest non-vulnerable version 2.555
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-1h9x-56rp-j7ch
Aliases:
CVE-2022-34173
GHSA-6g4r-q7qg-6qx6
Cross-site Scripting vulnerability in Jenkins Since Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356 addresses this vulnerability. The tooltip of the build button in list views is now escaped. No Jenkins LTS release is affected by SECURITY-2776 or SECURITY-2780, as these were not present in Jenkins 2.332.x and fixed in the 2.346.x line before 2.346.1.
2.356
Affected by 0 other vulnerabilities.
VCID-uwfz-czcp-qyd9
Aliases:
CVE-2022-34172
GHSA-mhp7-3393-pfqr
Cross-site Scripting vulnerability in Jenkins Since Jenkins 2.340, symbol-based icons unescape previously escaped values of `tooltip` parameters. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescape values of `tooltip` parameters.
2.356
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-03T21:27:12.619026+00:00 GitLab Importer Affected by VCID-1h9x-56rp-j7ch https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2022-34173.yml 38.1.0
2026-04-03T21:27:12.316391+00:00 GitLab Importer Affected by VCID-uwfz-czcp-qyd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2022-34172.yml 38.1.0
2026-04-01T16:02:42.505434+00:00 GHSA Importer Affected by VCID-1h9x-56rp-j7ch https://github.com/advisories/GHSA-6g4r-q7qg-6qx6 38.0.0
2026-04-01T16:02:42.122244+00:00 GHSA Importer Affected by VCID-uwfz-czcp-qyd9 https://github.com/advisories/GHSA-mhp7-3393-pfqr 38.0.0