{"id":"CVE-2022-34172","details":"In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.","aliases":["BIT-jenkins-2022-34172","GHSA-mhp7-3393-pfqr"],"modified":"2026-03-11T00:17:10.282971Z","published":"2022-06-23T17:15:15.383Z","references":[{"type":"WEB"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/jenkins","events":[{"introduced":"39890e8c55879fc7c0e9b6cc2ba9920f37cd51f9"},{"last_affected":"d43d0b51dd18bca980f7d384ec4a353a2a66b818"}],"database_specific":{"versions":[{"introduced":"2.340"},{"last_affected":"2.355"}]}}],"versions":["jenkins-2.340","jenkins-2.341","jenkins-2.342","jenkins-2.343","jenkins-2.344","jenkins-2.345","jenkins-2.346","jenkins-2.347","jenkins-2.348","jenkins-2.349","jenkins-2.350","jenkins-2.351","jenkins-2.352","jenkins-2.353","jenkins-2.354","jenkins-2.355"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34172.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}