CVE-2020-2227
published 2020-07-15CVE-2020-2227: Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | deployer_framework | <= 1.2 | — |
| jenkins | deployer_framework_plugin | — | — |
| jenkins | gitlab_authentication_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins_project | jenkins_deployer_framework_plugin | unspecified – 1.2 | — |