CVE-2020-2190 – org.jenkins-ci.plugins:script-security

Package

Manager: maven
Name: org.jenkins-ci.plugins:script-security
Vulnerable Version: >=0 <1.73

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00122 pctl0.32081

Details

Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.

Metadata

Created: 2022-05-24T17:19:04Z
Modified: 2022-06-24T00:56:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q87g-7mp5-765q/GHSA-q87g-7mp5-765q.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-q87g-7mp5-765q
Finding: F425
Auto approve: 1