CVE-2020-2199 — Cross-site Scripting in Project Jenkins Subversion Partial Release Manager Plugin

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

21.8%

top 4.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Subversion Partial Release Manager Plugin Jenkins Subversion Partial Release Manager

Timeline

PublishedJun 3

Latest updateMay 24

Description

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_subversion_partial_release_manager_pluginunspecified — 1.0.1

▶NVDjenkins/subversion_partial_release_manager1.0.1

🔴Vulnerability Details

OSV

XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin↗2022-05-24

▶

GHSA

XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin↗2022-05-24

▶

CVEList

CVE-2020-2199: Jenkins Subversion Partial Release Manager Plugin 1↗2020-06-03

▶

💥Exploits & PoCs

Exploit-DB

File Transfer iFamily 2.1 - Directory Traversal↗2020-04-15

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-06-03↗2020-06-03

▶