CVE-2020-2244

CWE-79 — Cross-site Scripting (XSS)6 documents6 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 61.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Build Failure Analyzer Plugin Jenkins Build Failure Analyzer

Timeline

PublishedSep 1

Latest updateMay 24

Description

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶Mavencom.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer< 1.27.1

▶CVEListV5jenkins_project/jenkins_build_failure_analyzer_pluginunspecified — 1.27.0

▶NVDjenkins/build_failure_analyzer1.27.0

🔴Vulnerability Details

OSV

XSS vulnerability in Jenkins Build Failure Analyzer Plugin↗2022-05-24

▶

GHSA

XSS vulnerability in Jenkins Build Failure Analyzer Plugin↗2022-05-24

▶

CVEList

CVE-2020-2244: Jenkins Build Failure Analyzer Plugin 1↗2020-09-01

▶

💥Exploits & PoCs

Exploit-DB

Draytek VigorAP 1000C - Persistent Cross-Site Scripting↗2020-05-07

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-09-01↗2020-09-01

▶