CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-2223

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1280%
EPSS Percentile32.03th
Published2020年7月15日
Last Modified2024年11月21日

Vulnerability Description

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.

Affected Platforms (CPE)

📦
Jenkins

Jenkins

<= 2.235.1
📦
Jenkins

Jenkins

<= 2.244

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2020/07/15/5
🔗 https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945
🔗 http://www.openwall.com/lists/oss-security/2020/07/15/5
🔗 https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945

相关漏洞威胁

CVE-2019-10030309.9

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/...

CVE-2019-10030319.9

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi...

CVE-2019-10030299.9

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/sc...

CVE-2019-10030329.9

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/...