Wiz
Vulnerability DatabaseCVE-2022-30966

CVE-2022-30966
Java vulnerability analysis and mitigation

Overview

CVE-2022-30966 is a stored cross-site scripting (XSS) vulnerability discovered in Jenkins Random String Parameter Plugin version 1.0 and earlier. The vulnerability was disclosed on May 17, 2022, as part of a larger Jenkins security advisory. The vulnerability affects the plugin's handling of parameter names and descriptions on views displaying parameters (Jenkins Advisory).

Technical details

The vulnerability stems from the plugin's failure to properly escape the name and description of Random String parameters on views displaying parameters. This creates a stored cross-site scripting vulnerability that can be exploited by attackers who have Item/Configure permission. The vulnerability is tracked as SECURITY-2722 and has been assessed as High severity (Jenkins Advisory).

Impact

The vulnerability allows attackers with Item/Configure permission to execute stored cross-site scripting attacks through parameter names and descriptions. Exploitation requires that parameters are listed on pages like 'Build With Parameters' and 'Parameters' pages, and that those pages are not hardened against such attacks (Jenkins Advisory).

Mitigation and workarounds

As of the advisory's publication on May 17, 2022, no fix was available for the Random String Parameter Plugin. The vulnerability remains present in version 1.0 and earlier versions of the plugin (Jenkins Advisory).

Additional resources

SourceThis report was generated using AI

Related Java vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-55749HIGH8.7
  • JavaJava
  • org.xwiki.platform:xwiki-platform-tool-jetty-resources
NoYesDec 01, 2025
CVE-2025-13806MEDIUM6.9
  • JavaJava
  • org.nutz:nutzboot-parent
NoNoDec 01, 2025
CVE-2025-13805MEDIUM6.3
  • JavaJava
  • org.nutz:nutzboot-parent
NoNoDec 01, 2025
CVE-2025-13804MEDIUM5.3
  • JavaJava
  • org.nutz:nutzboot-parent
NoNoDec 01, 2025
CVE-2025-66372LOW2.8
  • JavaJava
  • org.mustangproject:library
NoYesNov 28, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo