Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.plugins/jira@3.7.1
purl pkg:maven/org.jenkins-ci.plugins/jira@3.7.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-u4r3-mm95-nbe3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. CVE-2022-29041
GHSA-m3p3-2gp6-ghq8

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:00:17.859528+00:00 GHSA Importer Fixing VCID-u4r3-mm95-nbe3 https://github.com/advisories/GHSA-m3p3-2gp6-ghq8 38.0.0
2026-04-01T13:05:06.622631+00:00 GithubOSV Importer Fixing VCID-u4r3-mm95-nbe3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-m3p3-2gp6-ghq8/GHSA-m3p3-2gp6-ghq8.json 38.0.0