CyberSec.Space Logo
Back to CVE Browser

CVE-2020-2225

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1890%
EPSS Percentile30.94th
PublishedJul 15, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Matrix Project

<= 1.16

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2020/07/15/5
πŸ”— https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925
πŸ”— http://www.openwall.com/lists/oss-security/2020/07/15/5
πŸ”— https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925

Related Vulnerabilities

CVE-2019-10030319.9

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi...

CVE-2020-22245.4

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds wit...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...