CVE-2020-2136
published 2020-03-09CVE-2020-2136: Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | audit_trail_plugin | — | — |
| jenkins | backlog_plugin | — | — |
| jenkins | cobertura_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | cryptomove_plugin | — | — |
| jenkins | deployhub_plugin | — | — |
| jenkins | git | <= 4.2.0 | — |
| jenkins | git_plugin | — | — |
| jenkins | literate_plugin | — | — |
| jenkins | logstash_plugin | — | — |
| jenkins | mac_cloud_host_launched_by_the_plugin | — | — |
| jenkins | mac_plugin | — | — |
| jenkins | openshift_deployer_plugin | — | — |
| jenkins | p4_plugin | — | — |
| jenkins | quality_gates_plugin | — | — |
| jenkins | repository_connector_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | sandbox_protection_in_script_security_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | skytap_cloud_ci_plugin | — | — |
| jenkins | sonar_quality_gates_plugin | — | — |
| jenkins | subversion_release_manager_plugin | — | — |
| jenkins | timestamper_plugin | — | — |
| jenkins | yaml_input_files_to_literate_plugin | — | — |
| jenkins | zephyr_enterprise_test_management_plugin | — | — |