CVEブラウザに戻る

CVE-2020-2225

MEDIUM

5.4

CVSS Severity Score

EPSS Score0.1890%

EPSS Percentile30.94th

Published2020年7月15日

Last Modified2024年11月21日

Vulnerability Description

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.

Affected Platforms (CPE)

📦

Jenkins

Matrix Project

<= 1.16

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2020/07/15/5

🔗 https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925

🔗 http://www.openwall.com/lists/oss-security/2020/07/15/5

🔗 https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925

関連する脆弱性情報

CVE-2019-10030319.9

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi...

CVE-2020-22245.4

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds wit...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...