CVE-2020-2225
published 2020-07-15CVE-2020-2225: Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | deployer_framework_plugin | — | — |
| jenkins | gitlab_authentication_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | matrix_project | <= 1.16 | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins_project | jenkins_matrix_project_plugin | unspecified – 1.16 | — |