CyberSec.Space Logo
Back to CVE Browser

CVE-2020-2224

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile37.64th
PublishedJul 15, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Matrix Project

<= 1.16

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2020/07/15/5
πŸ”— https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924
πŸ”— http://www.openwall.com/lists/oss-security/2020/07/15/5
πŸ”— https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924

Related Vulnerabilities

CVE-2019-10030319.9

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi...

CVE-2020-22255.4

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds wit...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...