CVE-2020-2243
Published 2020-09-01
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_failure_analyzer_plugin | — | — |
| jenkins | cadence_vmanager | <= 3.0.4 | — |
| jenkins | cadence_vmanager_plugin | — | — |
| jenkins | database_plugin | — | — |
| jenkins | git_parameter_plugin | — | — |
| jenkins | jsgames_plugin | — | — |
| jenkins | klocwork_analysis_plugin | — | — |
| jenkins | klocwork_plugin | — | — |
| jenkins | parameterized_remote_trigger_plugin | — | — |
| jenkins | readyapi_functional_testing_plugin | — | — |
| jenkins | valgrind_plugin | — | — |
| jenkins_project | jenkins_cadence_vmanager_plugin | unspecified – 3.0.4 | — |