CVE-2020-2190
published 2020-06-03CVE-2020-2190: Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | compact_columns_plugin | — | — |
| jenkins | echarts_api_plugin | — | — |
| jenkins | play_framework_plugin | — | — |
| jenkins | project_inheritance_plugin | — | — |
| jenkins | script_security | <= 1.72 | — |
| jenkins | script_security_plugin | — | — |
| jenkins | selenium_plugin | — | — |
| jenkins | subversion_partial_release_manager_plugin | — | — |
| jenkins | swarm_plugin | — | — |
| jenkins_project | jenkins_script_security_plugin | unspecified – 1.72 | — |