{
  "threat_severity" : "Important",
  "public_date" : "2022-04-12T00:00:00Z",
  "bugzilla" : {
    "description" : "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin",
    "id" : "2074851",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.", "A flaw was found in the Jenkins Subversion plugin. The plugin does not escape the name and description of 'List Subversion tags (and more)' parameters on views that display parameters. This issue results in a stored cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2022-05-31T00:00:00Z",
    "advisory" : "RHSA-2022:2280",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "jenkins-2-plugins-0:3.11.1650628887-1.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.10",
    "release_date" : "2022-05-02T00:00:00Z",
    "advisory" : "RHSA-2022:1600",
    "cpe" : "cpe:/a:redhat:openshift:4.10::el8",
    "package" : "jenkins-2-plugins-0:4.10.1650890594-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2022-06-17T00:00:00Z",
    "advisory" : "RHSA-2022:4947",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "jenkins-2-plugins-0:4.6.1653312933-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.7",
    "release_date" : "2022-06-10T00:00:00Z",
    "advisory" : "RHSA-2022:4909",
    "cpe" : "cpe:/a:redhat:openshift:4.7::el8",
    "package" : "jenkins-2-plugins-0:4.7.1652967082-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.8",
    "release_date" : "2022-03-22T00:00:00Z",
    "advisory" : "RHSA-2022:0871",
    "cpe" : "cpe:/a:redhat:openshift:4.8::el8",
    "package" : "jenkins-2-plugins-0:4.8.1646993358-1.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.9",
    "release_date" : "2022-05-18T00:00:00Z",
    "advisory" : "RHSA-2022:2205",
    "cpe" : "cpe:/a:redhat:openshift:4.9::el8",
    "package" : "jenkins-2-plugins-0:4.9.1651754460-1.el8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-29046\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29046\nhttps://www.jenkins.io/security/advisory/2022-04-12/" ],
  "name" : "CVE-2022-29046",
  "csaw" : false
}