CVE-2020-2229 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.235.4 || >=2.236 <2.252

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.03885 pctl0.87794

Details

Jenkins Cross-Site Scripting vulnerability in help icons Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting (XSS) vulnerability. Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.

Metadata

Created: 2022-05-24T17:25:24Z
Modified: 2023-12-22T13:53:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hvmc-7g2x-r3p9/GHSA-hvmc-7g2x-r3p9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-hvmc-7g2x-r3p9
Finding: F425
Auto approve: 1