CVE-2020-2289
published 2020-10-08CVE-2020-2289: Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS)…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_choices | <= 2.4 | — |
| jenkins | active_choices_plugin | — | — |
| jenkins | audit_trail_plugin | — | — |
| jenkins | incorrect_default_pattern_in_audit_trail_plugin | — | — |
| jenkins | maven_cascade_release_plugin | — | — |
| jenkins | nerrvana_plugin | — | — |
| jenkins | persona_plugin | — | — |
| jenkins | release_plugin | — | — |
| jenkins | request_logging_could_be_bypassed_in_audit_trail_plugin | — | — |
| jenkins | role-based_authorization_strategy_plugin | — | — |
| jenkins | shared_objects_plugin | — | — |
| jenkins | sms_notification_plugin | — | — |
| jenkins_project | jenkins_active_choices_plugin | >= 2.1 < unspecified | unspecified |
| jenkins_project | jenkins_active_choices_plugin | unspecified – 2.4 | — |