CVE-2020-2229: Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS)…

medium5.4CVSS 3.1

AVNACLPRLUIRSCCLILAN

EXPLOIT

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.

Affected

11 ranges

Vendor	Product	Version range	Fixed in
jenkins	email_extension_plugin	—	—
jenkins	flaky_test_handler_plugin	—	—
jenkins	ids_in_pipeline_maven_integration_plugin	—	—
jenkins	jenkins	<= 2.235.3	—
jenkins	jenkins	<= 2.251	—
jenkins	jenkins_core	—	—
jenkins	jenkins_lts	—	—
jenkins	jenkins_weekly	—	—
jenkins	pipeline_maven_integration_plugin	—	—
jenkins	yet_another_build_visualizer_plugin	—	—
jenkins_project	jenkins	unspecified – 2.251	—