CVE-2020-2111 — Cross-site Scripting in Project Jenkins Subversion Plugin

CWE-79 — Cross-site Scripting8 documents7 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 75.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Subversion Plugin Jenkins Subversion

Timeline

PublishedFeb 12

Latest updateMay 24

Description

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_subversion_pluginunspecified — 2.13.0

▶NVDjenkins/subversion2.13.0

🔴Vulnerability Details

OSV

Subversion Plugin stored XSS vulnerability↗2022-05-24

▶

GHSA

Subversion Plugin stored XSS vulnerability↗2022-05-24

▶

CVEList

CVE-2020-2111: Jenkins Subversion Plugin 2↗2020-02-12

▶

📋Vendor Advisories

Red Hat

jenkins-subversion-plugin: XSS in project repository base url↗2020-02-12

▶

Jenkins

Jenkins Security Advisory 2020-02-12↗2020-02-12

▶

💬Community

Bugzilla

CVE-2020-2111 jenkins-subversion-plugin: XSS in project repository base url↗2020-03-31

▶

Bugzilla

CVE-2020-2111 subversion: jenkins-2-plugins: XSS in project repository base url [fedora-all]↗2020-03-31

▶