CVE-2020-2136 — Cross-site Scripting in Project Jenkins GIT Plugin

CWE-79 — Cross-site Scripting8 documents8 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 67.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins GIT Plugin Jenkins GIT

Timeline

PublishedMar 9

Latest updateMay 24

Description

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_git_pluginunspecified — 4.2.0

▶NVDjenkins/git4.2.0

🔴Vulnerability Details

GHSA

Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin↗2022-05-24

▶

OSV

Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin↗2022-05-24

▶

CVEList

CVE-2020-2136: Jenkins Git Plugin 4↗2020-03-09

▶

📋Vendor Advisories

Microsoft

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation resulting in a stored cross-site scripting vulnerability.↗2020-03-10

▶

Red Hat

jenkins-git-plugin: stored cross-site scripting↗2020-03-09

▶

Jenkins

Jenkins Security Advisory 2020-03-09↗2020-03-09

▶

💬Community

Bugzilla

CVE-2020-2136 jenkins-git-plugin: stored cross-site scripting↗2020-03-31

▶