CVE-2020-2217 – org.jenkins-ci.plugins:compatibility-action-storage
Package
Manager: maven
Name: org.jenkins-ci.plugins:compatibility-action-storage
Vulnerable Version: >=0 <=1.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00359 (percentile: 0.57367)
Details
Reflected XSS in Jenkins Compatibility Action Storage Plugin
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape content coming from MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Metadata
Created: 2022-05-24T17:22:20Z
Modified: 2022-12-29T01:27:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfrq-3v89-fqg6/GHSA-rfrq-3v89-fqg6.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-rfrq-3v89-fqg6
Finding: F008
Auto approve: 1