CVE-2020-2111: Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored…

medium5.4CVSS 3.1

AVNACLPRLUIRSCCLILAN

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.

Affected

24 ranges

Vendor	Product	Version range	Fixed in
jenkins	applatix_plugin	—	—
jenkins	bmc_release_package_and_deployment_plugin	—	—
jenkins	digitalocean_plugin	—	—
jenkins	dynamic_extended_choice_parameter_plugin	—	—
jenkins	eagle_tester_plugin	—	—
jenkins	ecx_copy_data_management_plugin	—	—
jenkins	fitnesse_plugin	—	—
jenkins	git_parameter_plugin	—	—
jenkins	google_kubernetes_engine_plugin	—	—
jenkins	groovy_plugin	—	—
jenkins	harvest_scm_plugin	—	—
jenkins	ids_in_pipeline_github_notify_step_plugin	—	—
jenkins	ids_to_allow_users_configuring_the_plugin	—	—
jenkins	nunit_plugin	—	—
jenkins	parasoft_environment_manager_plugin	—	—
jenkins	pipeline_github_notify_step_plugin	—	—
jenkins	radargun_plugin	—	—
jenkins	s3_publisher_plugin	—	—
jenkins	sandbox_protection_in_script_security_plugin	—	—
jenkins	script_security_plugin	—	—
jenkins	subversion	<= 2.13.0	—
jenkins	subversion_plugin	—	—
jenkins	yaml_input_files_to_google_kubernetes_engine_plugin	—	—
jenkins_project	jenkins_subversion_plugin	unspecified – 2.13.0	—