CVE-2020-2224
published 2020-07-15CVE-2020-2224: Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | deployer_framework_plugin | — | — |
| jenkins | gitlab_authentication_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | matrix_project | <= 1.16 | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins_project | jenkins_matrix_project_plugin | unspecified – 1.16 | — |