{"id":"CVE-2022-29036","details":"Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.","aliases":["GHSA-rvg5-f5fj-mxvg"],"modified":"2026-03-14T11:41:01.114912Z","published":"2022-04-12T20:15:09.080Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/credentials-plugin","events":[{"introduced":"0"},{"fixed":"b51678df97ac5f8bc35eda36a48795f8530da041"},{"introduced":"1346ba467ba12df2f6784dbb99dd9721994f7fb5"},{"fixed":"39c30cecb0e2512c4e0199e37821025af6e6e070"},{"introduced":"b4e24ac78b811901d635b7c382cdcf50562a63d5"},{"fixed":"c87b7a3597f63aa525d3655bb8270d584ea5fc36"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.6.1.1"},{"introduced":"1055.v1346ba467ba1"},{"fixed":"1074.1076.v39c30cecb_0e2"},{"introduced":"1105.vb_4e24a_c78b_81"},{"fixed":"1112.vc87b_7a_3597f6"}]}}],"versions":["1055.v1346ba467ba1","1061.vb_1fceb_58fa_18","1074.v60e6c29b_b_44b_","1087.v16065d268466","1105.vb_4e24a_c78b_81","1111.v35a_307992395"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["83727615286348313829675903088563602067","54869314089508693882626512649044307084","312874980153135320499372257308575480433","257581418588421848910458884747290341307","6691583686450552339977131195670720405","132803057579268369307197705357036269611","243787488524581158586499063960850071158","328184817662817287907696749228039996112","96519729426239633875485433117340688952","243437566090217521401495988406898513111","28483131562127789577545796955169366628","72052839710360307075438765084806698039","89666286573407154181176688931677930719","229655880802628484206953678104251738460","19080391125361095553571203643549901209","106617460669940603892167930580359240726","221344400089268307001470952589678519040","111083240275972725174620794389045579337","166682197758268882393125630922601866066","161208506955036029422877051217577474865","109640926340354571798389626581885071480","318026700551472885968166101934376943299","95149550346917211170534839442573574186","90862824560457193317995517193432962847","107363461172924357567756489489241822724","339325365198068775232023261210550300877","256601009744630766042607834988654084816","215964877983795893581214131571523116144","97739389802329847652444196880629630593","261102295215008467095740750384368972168"]},"target":{"file":"src/test/java/com/cloudbees/plugins/credentials/CredentialsParameterDefinitionTest.java"},"id":"CVE-2022-29036-4b41f347","source":"https://github.com/jenkinsci/credentials-plugin/commit/c87b7a3597f63aa525d3655bb8270d584ea5fc36","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["83727615286348313829675903088563602067","306800675778640274636379015543481394824","317487875669070261878963467747004926600","206873271075746475143112863932813805918","123020493912287335925349348128277274615","270066523748029991366803290291676983485","29228068631080668101363173117000904750","328184817662817287907696749228039996112","96519729426239633875485433117340688952","243437566090217521401495988406898513111","28483131562127789577545796955169366628","72052839710360307075438765084806698039","89666286573407154181176688931677930719","229655880802628484206953678104251738460","19080391125361095553571203643549901209","106617460669940603892167930580359240726","221344400089268307001470952589678519040","111083240275972725174620794389045579337","166682197758268882393125630922601866066","161208506955036029422877051217577474865","109640926340354571798389626581885071480","318026700551472885968166101934376943299","95149550346917211170534839442573574186","90862824560457193317995517193432962847","107363461172924357567756489489241822724","339325365198068775232023261210550300877","256601009744630766042607834988654084816","215964877983795893581214131571523116144","275955670840425320496164063633890336428","261102295215008467095740750384368972168"]},"target":{"file":"src/test/java/com/cloudbees/plugins/credentials/CredentialsParameterDefinitionTest.java"},"id":"CVE-2022-29036-9c0c53a2","source":"https://github.com/jenkinsci/credentials-plugin/commit/39c30cecb0e2512c4e0199e37821025af6e6e070","signature_version":"v1","deprecated":false,"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29036.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}