CVE-2020-2220Cross-site Scripting in Project Jenkins

CWE-79Cross-site Scripting8 documents7 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 38.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project JenkinsJenkins
Timeline
PublishedJul 15
Latest updateMay 24

Description

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDjenkins/jenkins2.235.1+1
CVEListV5jenkins_project/jenkinsunspecified2.244+1

🔴Vulnerability Details

3
OSV
Stored XSS vulnerability in Jenkins job build time trend2022-05-24
GHSA
Stored XSS vulnerability in Jenkins job build time trend2022-05-24
CVEList
CVE-2020-2220: Jenkins 22020-07-15

📋Vendor Advisories

2
Red Hat
jenkins: Stored XSS vulnerability in job build time trend2020-07-15
Jenkins
Jenkins Security Advisory 2020-07-152020-07-15

💬Community

2
Bugzilla
CVE-2020-2220 jenkins: Stored XSS vulnerability in job build time trend2020-07-15
Bugzilla
CVE-2020-2220 jenkins: Stored XSS vulnerability in job build time trend [fedora-all]2020-07-15
CVE-2020-2220 — Cross-site Scripting in Project Jenkins | cvebase