CVE-2022-34189: 
Java vulnerability analysis and mitigation

CVE-2022-34189 is a stored cross-site scripting (XSS) vulnerability affecting the Jenkins Image Tag Parameter Plugin versions 1.10 and earlier. The vulnerability was discovered and disclosed on June 22, 2022, as part of a larger Jenkins security advisory. The vulnerability affects the plugin's handling of parameter names and descriptions on views displaying parameters (Jenkins Advisory).

The vulnerability stems from the Image Tag Parameter Plugin's failure to properly escape the name and description of Image Tag parameters on views displaying parameters. This creates a stored cross-site scripting vulnerability that can be exploited by attackers who have Item/Configure permission. The vulnerability is rated as High severity according to CVSS scoring system (Jenkins Advisory).

The vulnerability allows attackers with Item/Configure permission to inject malicious HTML and JavaScript code into the Jenkins UI through parameter names and descriptions. This stored XSS vulnerability could potentially be used to perform unauthorized actions in the context of other users' sessions who view the affected pages (Jenkins Advisory).

As of the advisory's publication date, there was no fix available for the Image Tag Parameter Plugin version 1.10 and earlier. Users should monitor for updates and implement them when available. In the meantime, access to Item/Configure permissions should be strictly controlled (Jenkins Advisory).