CVE-2020-2174 – br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin
Package
Manager: maven
Name: br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin
Vulnerable Version: >=0 <0.3.20
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00118 (percentile: 0.31307)
Details
Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin
AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output. This results in a reflected cross-site scripting (XSS) vulnerability. AWSEB Deployment Plugin 0.3.20 escapes the values printed as part of the affected form validation endpoints.
Metadata
Created: 2022-05-24T17:13:39Z
Modified: 2022-12-20T17:39:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f82v-pg74-6686/GHSA-f82v-pg74-6686.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-f82v-pg74-6686
Finding: F008
Auto approve: 1