CyberSec.Space Logo
Back to CVE Browser

CVE-2020-2223

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1280%
EPSS Percentile32.03th
PublishedJul 15, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Jenkins

<= 2.235.1
πŸ“¦
Jenkins

Jenkins

<= 2.244

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2020/07/15/5
πŸ”— https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945
πŸ”— http://www.openwall.com/lists/oss-security/2020/07/15/5
πŸ”— https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945

Related Vulnerabilities

CVE-2019-10030309.9

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/...

CVE-2019-10030319.9

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi...

CVE-2019-10030299.9

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/sc...

CVE-2019-10030329.9

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/...