CVE-2020-2231
published 2020-08-12CVE-2020-2231: Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in…
PriorityP337medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EXPLOIT
EPSS
5.30%
91.6th percentile
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | email_extension_plugin | — | — |
| jenkins | flaky_test_handler_plugin | — | — |
| jenkins | ids_in_pipeline_maven_integration_plugin | — | — |
| jenkins | jenkins | <= 2.235.3 | — |
| jenkins | jenkins | <= 2.251 | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | pipeline_maven_integration_plugin | — | — |
| jenkins | yet_another_build_visualizer_plugin | — | — |
| jenkins_project | jenkins | unspecified – 2.251 | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vendor_redhat5.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Jenkins
Jenkins Security Advisory 2020-08-12
vendor_jenkins·2020-08-12·CVSS 5.4
CVE-2020-2229 [MEDIUM] Jenkins Security Advisory 2020-08-12
Title: Jenkins Security Advisory 2020-08-12
Jenkins Security Advisory 2020-08-12
Jenkins Security Home
For Administrators
Overview
Terminology
Vulnerabilities and Scoring
Security Advisories
Security Issues
Advisory Schedule
Vulnerabilities in Plugins
How We Fix Security Issues
For Reporters
Reporting Vulnerabilities
Jenkins CNA
For Maintainers
Overview
Vulnerabilities in Plugins
Jenkins Security Team
About
Contributions
This advisory announces vulnerabilities in the following Jenkins deliverables:
Jenkins (core)
Email Extension
Plugin
Flaky Test Handler
Plugin
Pipeline Maven Integration
Plugin
Yet Another Build Visualizer
Plugin
Descriptions
Stored XSS vulnerability
Red Hat
jenkins: stored XSS vulnerability in 'trigger builds remotely'
vendor_redhat·2020-08-12·CVSS 5.4
CVE-2020-2231 [MEDIUM] CWE-79 jenkins: stored XSS vulnerability in 'trigger builds remotely'
jenkins: stored XSS vulnerability in 'trigger builds remotely'
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
A flaw was found in Jenkins versions prior to 2.251 and LTS 2.235.3. The remote address of hosts starting a build via 'Trigger builds remotely' are not properly escaped leading to a potential stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the authentication token. The highest threat from this vulnerability is to data confidentiality and integrity.
Package: jenki
GHSA
Improper Neutralization of Input During Web Page Generation in Jenkins
ghsa·2022-05-24
CVE-2020-2231 [MEDIUM] CWE-79 Improper Neutralization of Input During Web Page Generation in Jenkins
Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
OSV
Improper Neutralization of Input During Web Page Generation in Jenkins
osv·2022-05-24
CVE-2020-2231 [MEDIUM] Improper Neutralization of Input During Web Page Generation in Jenkins
Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
No detection rules found.
Bugzilla
CVE-2020-2231 jenkins: stored XSS vulnerability in 'trigger builds remotely' [fedora-31]
bugzilla·2020-09-03·CVSS 5.4
CVE-2020-2231 [MEDIUM] CVE-2020-2231 jenkins: stored XSS vulnerability in 'trigger builds remotely' [fedora-31]
CVE-2020-2231 jenkins: stored XSS vulnerability in 'trigger builds remotely' [fedora-31]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-31.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to
Bugzilla
CVE-2020-2231 jenkins: stored XSS vulnerability in 'trigger builds remotely'
bugzilla·2020-09-03·CVSS 5.4
CVE-2020-2231 [MEDIUM] CVE-2020-2231 jenkins: stored XSS vulnerability in 'trigger builds remotely'
CVE-2020-2231 jenkins: stored XSS vulnerability in 'trigger builds remotely'
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely'. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
Discussion:
External References:
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960
---
Created jenkins tracking bugs for this issue:
Affects: fedora-31 [bug 1875235]
---
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.5
Via RHSA-2020:3841 https://access.redhat.com/errata/RHSA-2020:3841
---
This bug is now closed. Further updates for individua
http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.htmlhttp://www.openwall.com/lists/oss-security/2020/08/12/4https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.htmlhttp://www.openwall.com/lists/oss-security/2020/08/12/4https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960
2020-08-12
Published