| purl | pkg:maven/org.jenkins-ci.main/jenkins-core@2.350 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-gua8-x599-fqad (Aliases: CVE-2022-34170, GHSA-62wf-24c4-8r76) | Cross-site Scripting vulnerability in Jenkins. Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for [SECURITY-1955](https://www.jenkins.io/security/advisory/2020-08-12/#SECURITY-1955). This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 address this vulnerability: the feature name in help icon tooltips is now escaped. | Affected by 0 other vulnerabilities. |
| VCID-j861-35t6-8qep (Aliases: CVE-2022-34171, GHSA-7f84-p6r5-jr6q) | Cross-site Scripting vulnerability in Jenkins. Since Jenkins 2.321 and LTS 2.332.1, the HTML output generated for new symbol-based SVG icons includes the `title` attribute of `l:ionicon` until Jenkins 2.334 and `alt` attribute of `l:icon` since Jenkins 2.335 without further escaping. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 address this vulnerability: the `title` attribute of `l:ionicon` (Jenkins LTS 2.332.4) and `alt` attribute of `l:icon` (Jenkins 2.356 and LTS 2.346.1) are escaped in the generated HTML output. | Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:02:41.847597+00:00 | GHSA Importer | Affected by | VCID-j861-35t6-8qep | https://github.com/advisories/GHSA-7f84-p6r5-jr6q | 38.0.0 |
| 2026-04-01T16:02:41.820827+00:00 | GHSA Importer | Affected by | VCID-gua8-x599-fqad | https://github.com/advisories/GHSA-62wf-24c4-8r76 | 38.0.0 |