CVE-2020-2136 – org.jenkins-ci.plugins:git
Package
Manager: maven
Name: org.jenkins-ci.plugins:git
Vulnerable Version: >=0 <4.2.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.00127 (percentile: 0.32862)
Details
Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
Metadata
Created: 2022-05-24T17:10:27Z
Modified: 2022-06-24T00:59:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6c7r-6p5m-cp82/GHSA-6c7r-6p5m-cp82.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-6c7r-6p5m-cp82
Finding: F425
Auto approve: 1