CVE-2020-2106
Published 2020-01-29
Medium, 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | code_coverage_api | <= 1.1.2 | — |
| jenkins | code_coverage_plugin | — | — |
| jenkins | fortify_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | websphere_deployer_plugin | — | — |
| jenkins_project | jenkins_code_coverage_api_plugin | unspecified – 1.1.2 | — |