{
  "threat_severity" : "Important",
  "public_date" : "2022-04-12T00:00:00Z",
  "bugzilla" : {
    "description" : "credentials: Stored XSS vulnerabilities in jenkins plugin",
    "id" : "2074847",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.", "A flaw was found in the Jenkins Credentials Plugin. The plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2022-05-31T00:00:00Z",
    "advisory" : "RHSA-2022:2280",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "jenkins-2-plugins-0:3.11.1650628887-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.10",
    "release_date" : "2022-05-02T00:00:00Z",
    "advisory" : "RHSA-2022:1600",
    "cpe" : "cpe:/a:redhat:openshift:4.10::el8",
    "package" : "jenkins-2-plugins-0:4.10.1650890594-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2022-06-17T00:00:00Z",
    "advisory" : "RHSA-2022:4947",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "jenkins-2-plugins-0:4.6.1653312933-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.7",
    "release_date" : "2022-06-10T00:00:00Z",
    "advisory" : "RHSA-2022:4909",
    "cpe" : "cpe:/a:redhat:openshift:4.7::el8",
    "package" : "jenkins-2-plugins-0:4.7.1652967082-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.8",
    "release_date" : "2022-03-22T00:00:00Z",
    "advisory" : "RHSA-2022:0871",
    "cpe" : "cpe:/a:redhat:openshift:4.8::el8",
    "package" : "jenkins-2-plugins-0:4.8.1646993358-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.9",
    "release_date" : "2022-05-18T00:00:00Z",
    "advisory" : "RHSA-2022:2205",
    "cpe" : "cpe:/a:redhat:openshift:4.9::el8",
    "package" : "jenkins-2-plugins-0:4.9.1651754460-1.el8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-29036\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29036\nhttps://www.jenkins.io/security/advisory/2022-04-12/" ],
  "name" : "CVE-2022-29036",
  "csaw" : false
}