CVE-2020-2161Cross-site Scripting in Project Jenkins

CWE-79Cross-site Scripting7 documents6 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 46.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project JenkinsJenkins
Timeline
PublishedMar 25
Latest updateMay 24

Description

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDjenkins/jenkins2.204.5+1
CVEListV5jenkins_project/jenkinsunspecified2.227+1

🔴Vulnerability Details

2
OSV
Improper Neutralization of Input During Web Page Generation in Jenkins2022-05-24
CVEList
CVE-2020-2161: Jenkins 22020-03-25

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2020-03-252020-03-25
Red Hat
jenkins: XSS in job configuration pages2020-03-25

💬Community

2
Bugzilla
CVE-2020-2161 jenkins: XSS in job configuration pages [fedora-all]2020-03-31
Bugzilla
CVE-2020-2161 jenkins: XSS in job configuration pages2020-03-31
CVE-2020-2161 — Cross-site Scripting in Project Jenkins | cvebase