CVE-2020-2238

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 53.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins GIT Parameter Plugin Jenkins GIT Parameter

Timeline

PublishedSep 1

Latest updateMay 24

Description

Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_git_parameter_pluginunspecified — 0.9.12

▶Mavenorg.jenkins-ci.tools:git-parameter< 0.9.13

▶NVDjenkins/git_parameter0.9.12

🔴Vulnerability Details

GHSA

Stored XSS vulnerability in Jenkins Git Parameter Plugin↗2022-05-24

▶

OSV

Stored XSS vulnerability in Jenkins Git Parameter Plugin↗2022-05-24

▶

CVEList

CVE-2020-2238: Jenkins Git Parameter Plugin 0↗2020-09-01

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-09-01↗2020-09-01

▶