CVE-2020-2162
Published 2020-03-25
Priority: P4 (25) · Severity: medium · CVSS 3.1 base score: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.16% (percentile 63.2)
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
Affected
14 ranges
The per-plugin rows reproduce the deliverable list of the Jenkins Security Advisory 2020-03-25, which covers several CVEs; the description of this CVE names only Jenkins core (weekly releases up to 2.227, LTS releases up to 2.204.5). The versions that advisory directs administrators to update to are Jenkins 2.228 and LTS 2.204.6.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | artifactory_plugin | — | — |
| jenkins | aws_steps_plugin | — | — |
| jenkins | azure_container_service_plugin | — | — |
| jenkins | jenkins | <= 2.204.5 | — |
| jenkins | jenkins | <= 2.227 | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | openshift_pipeline_plugin | — | — |
| jenkins | queue_cleanup_plugin | — | — |
| jenkins | rapiddeploy_plugin | — | — |
| jenkins | yaml_input_files_to_azure_container_service_plugin | — | — |
| jenkins | yaml_input_files_to_openshift_pipeline_plugin | — | — |
| jenkins_project | jenkins | unspecified – 2.227 | — |
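To turn the two version ranges above into something that can be run against the version a server reports, here is an added example (not part of the page and not Jenkins code). It parses Jenkins version strings and compares them against the two upper bounds in the table. The bounds are the page's; the rule that an LTS version carries three numeric components (2.204.5) while a weekly release carries two (2.227) is the author's assumption, based on the way the ranges on this page are written.

```python
"""Affected-range check for CVE-2020-2162 (added example, not Jenkins code).

Bounds come from the page: weekly releases <= 2.227 and LTS releases <= 2.204.5.
Assumption: an LTS version string has three numeric components (2.204.5), a
weekly release has two (2.227); that is how the ranges on the page are written.
"""
from __future__ import annotations

import re
from typing import Dict, Iterable, Tuple

AFFECTED_WEEKLY_MAX: Tuple[int, ...] = (2, 227)
AFFECTED_LTS_MAX: Tuple[int, ...] = (2, 204, 5)

# MAJOR.MINOR or MAJOR.MINOR.PATCH, optionally followed by a -SNAPSHOT / +build tag.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-+][\w.]+)?$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Return the numeric components of a Jenkins version as a tuple of ints."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Jenkins version string: {version!r}")
    parts = [int(m.group(1)), int(m.group(2))]
    if m.group(3) is not None:
        parts.append(int(m.group(3)))
    return tuple(parts)


def is_lts(version: str) -> bool:
    """LTS lines carry a third component (2.204.5); weeklies do not (2.227)."""
    return len(parse_version(version)) == 3


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the two affected ranges.

    Tuple comparison is component-wise, so 2.204 (weekly) sorts below 2.227
    and 2.190.3 (an older LTS) sorts below 2.204.5; both are affected.
    """
    v = parse_version(version)
    bound = AFFECTED_LTS_MAX if len(v) == 3 else AFFECTED_WEEKLY_MAX
    return v <= bound


def classify(versions: Iterable[str]) -> Dict[str, str]:
    """Map each version string to 'affected' or 'not_affected', for reporting."""
    return {v: ("affected" if is_affected(v) else "not_affected") for v in versions}


if __name__ == "__main__":
    # Constructed inputs: the two upper bounds and the first versions past them.
    for version, verdict in classify(["2.227", "2.228", "2.204.5", "2.204.6"]).items():
        line = "LTS" if is_lts(version) else "weekly"
        print(f"{version:<8} {line:<7} {verdict}")
```

Jenkins reports its version in the `X-Jenkins` response header on most pages, so the string to feed `is_affected` can be taken from a `curl -sI` of the login page without authenticating. The check says nothing about plugins; as noted above, this CVE is a core issue.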
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| Red Hat (vendor) | — | 5.4 | MEDIUM | — |
Jenkins
Jenkins Security Advisory 2020-03-25
vendor_jenkins·2020-03-25·CVSS 8.8
CVE-2020-2160 [HIGH] Jenkins Security Advisory 2020-03-25
This advisory covers several CVEs and is indexed here under its highest-scored one; CVE-2020-2162 is the SECURITY-1793 entry within it (see the advisory link under External References below).
This advisory announces vulnerabilities in the following Jenkins deliverables:
- Jenkins (core)
- Artifactory Plugin
- Azure Container Service Plugin
- OpenShift Pipeline Plugin
- Pipeline: AWS Steps Plugin
- Queue cleanup Plugin
- RapidDeploy Plugin
Descrip
Red Hat
jenkins: Content-Security-Policy headers for files uploaded leads to XSS
vendor_redhat·2020-03-25·CVSS 5.4
CVE-2020-2162 [MEDIUM] CWE-79 jenkins: Content-Security-Policy headers for files uploaded leads to XSS
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
OSV
Improper Neutralization of Input During Web Page Generation in Jenkins
osv·2022-05-24
CVE-2020-2162 [MEDIUM] Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier served files uploaded as file parameters to a build without specifying appropriate `Content-Security-Policy` HTTP headers. This resulted in a stored cross-site scripting (XSS) vulnerability exploitable by users with permissions to build a job with file parameters.

Jenkins now sets `Content-Security-Policy` HTTP headers when serving files uploaded via a file parameter to the same value as used for files in workspaces and archived artifacts not served using the Resource Root URL.

The system property `hudson.model.DirectoryBrowserSupport.CSP` can be set to override the value of `Content-Security-Policy` headers sent when serving these files. This is the same system
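The entry above describes both the fix (a CSP on served file-parameter uploads, the same one used for workspace files) and an administrator override through `hudson.model.DirectoryBrowserSupport.CSP`. The following is an added example, not Jenkins code and not from the page: a small auditor that classifies the response for such a file as missing a CSP (the pre-fix behaviour), carrying one that still lets scripts run (for instance a loosened override), or ok. The three responses are constructed. The policy string used for the "patched" sample is what the author assumes Jenkins' default for that property to be (`sandbox; default-src 'none'; img-src 'self'; style-src 'self';`); that value is an assumption, not something this page states.

```python
"""Audit the Content-Security-Policy Jenkins sends with a file-parameter upload.

Added example, not Jenkins code. The sample responses below are constructed,
not captured from a real server. JENKINS_DEFAULT_CSP is the author's assumption
about the default value of hudson.model.DirectoryBrowserSupport.CSP.
"""
from __future__ import annotations

from typing import Dict, List, Optional

JENKINS_DEFAULT_CSP = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source tokens]}.

    Directive names are case-insensitive; when a directive is repeated the
    first occurrence wins, which is how browsers resolve duplicates.
    """
    directives: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def scripts_blocked(policy: str) -> bool:
    """True if the policy prevents any script in the served file from running."""
    d = parse_csp(policy)
    # A sandbox directive without allow-scripts disables script execution outright.
    if "sandbox" in d and not any(t.lower() == "allow-scripts" for t in d["sandbox"]):
        return True
    # Otherwise look at the script source list (script-src, else default-src).
    # Only 'none' is accepted: 'self' would still let an uploaded HTML file pull
    # in a second uploaded file as a script, since both are same-origin.
    sources = d.get("script-src", d.get("default-src"))
    return sources is not None and [s.lower() for s in sources] == ["'none'"]


def header_value(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup over a {name: value} mapping."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def audit_file_response(headers: Dict[str, str]) -> str:
    """Classify one response: 'missing' (no CSP at all, pre-fix behaviour and a
    stored XSS), 'weak' (a CSP is present but scripts can still run, e.g. an
    override via the system property), or 'ok'."""
    csp = header_value(headers, "Content-Security-Policy")
    if csp is None:
        return "missing"
    return "ok" if scripts_blocked(csp) else "weak"


# Constructed sample responses for a served file parameter (not real captures).
SAMPLES: Dict[str, Dict[str, str]] = {
    "unpatched": {"Content-Type": "text/html", "X-Jenkins": "2.227"},
    "patched": {"Content-Type": "text/html", "X-Jenkins": "2.228",
                "Content-Security-Policy": JENKINS_DEFAULT_CSP},
    "overridden": {"Content-Type": "text/html", "X-Jenkins": "2.228",
                   "Content-Security-Policy": "default-src 'self' 'unsafe-inline'"},
}


def audit_all(samples: Dict[str, Dict[str, str]] = SAMPLES) -> Dict[str, str]:
    """Run the audit over every sample and return {name: verdict}."""
    return {name: audit_file_response(h) for name, h in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit_all().items():
        print(f"{name:<11} {verdict}")
```

To use it against a real instance, fetch the headers of a served file-parameter upload with `curl -sI` (authenticated as a user who can see the build), load them into a dict and call `audit_file_response`. The same function is worth running after anyone sets `-Dhudson.model.DirectoryBrowserSupport.CSP=...` on the Jenkins JVM: the override applies to these files too, so a policy loosened for workspace browsing reopens exactly the exposure this CVE describes.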
GHSA
Improper Neutralization of Input During Web Page Generation in Jenkins
ghsa·2022-05-24
CVE-2020-2162 [MEDIUM] CWE-79 Improper Neutralization of Input During Web Page Generation in Jenkins
Description: identical to the OSV entry above.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-2162 jenkins: Content-Security-Policy headers for files uploaded leads to XSS
bugzilla·2020-03-31·CVSS 5.4
CVE-2020-2162 [MEDIUM] CVE-2020-2162 jenkins: Content-Security-Policy headers for files uploaded leads to XSS
A vulnerability was found in Jenkins 2.227 and earlier and LTS 2.204.5 and earlier: these versions do not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
Reference:
http://www.openwall.com/lists/oss-security/2020/03/25/2
Discussion:
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1819217]
---
External References:
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1793
Bugzilla
CVE-2020-2162 jenkins: Content-Security-Policy headers for files uploaded leads to XSS [fedora-all]
bugzilla·2020-03-31·CVSS 5.4
CVE-2020-2162 [MEDIUM] CVE-2020-2162 jenkins: Content-Security-Policy headers for files uploaded leads to XSS [fedora-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
NOTE: this issue affects multi