CVE-2020-2201 – org.jenkins-ci.plugins:sonargraph-integration
Package
Manager: maven
Name: org.jenkins-ci.plugins:sonargraph-integration
Vulnerable Version: >=0 <3.0.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00089 (percentile 0.26377)
Details
Stored XSS vulnerability in the Jenkins Sonargraph Integration Plugin. Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path entered in the Log file field when performing form validation on it, so the path is reflected unescaped in the validation error message. This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission. Sonargraph Integration Plugin 3.0.1 escapes the affected part of the error message.
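Two checks follow from the advisory: whether a build pulls in an affected plugin version (anything below 3.0.1), and what the difference between the unescaped and the escaped validation message looks like. The Python script below is an added example written for this page; it is not code from the plugin or from Jenkins. It assumes a Maven POM that lists the plugin as a dependency (the sample POM is constructed), a simplified numeric version comparison against the advisory's fixed version 3.0.1, and a hypothetical HTML message template that stands in for the plugin's own form-validation code.

```python
"""Checks for CVE-2020-2201 / GHSA-f799-hfg3-48jp (added example, not plugin code)."""
import html
import re
import xml.etree.ElementTree as ET

# Coordinates and fixed version taken from the advisory.
GROUP_ID = "org.jenkins-ci.plugins"
ARTIFACT_ID = "sonargraph-integration"
FIXED_VERSION = "3.0.1"

# Constructed sample POM: one affected dependency and one unrelated plugin.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.jenkins-ci.plugins</groupId>
      <artifactId>sonargraph-integration</artifactId>
      <version>3.0.0</version>
    </dependency>
    <dependency>
      <groupId>org.jenkins-ci.plugins</groupId>
      <artifactId>git</artifactId>
      <version>4.11.0</version>
    </dependency>
  </dependencies>
</project>
"""

# Constructed payload: a path a Job/Configure user could type into the Log file field.
PAYLOAD_PATH = "/var/log/sonargraph.log<img src=x onerror=alert(document.domain)>"


def parse_version(version):
    """Turn '3.0.1', '3.0' or '2.9.1-SNAPSHOT' into a comparable tuple of ints.

    Simplification: the comparison stops at the first non-numeric component, so
    pre-release tags are ignored and missing components compare as 0.
    """
    parts = []
    for piece in re.split(r"[.\-]", version):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version):
    """True when the version lies in the advisory range >=0 <3.0.1."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def affected_dependencies(pom_xml):
    """Return (artifactId, version) pairs in a Maven POM that match the advisory."""
    root = ET.fromstring(pom_xml)
    ns = {"m": "http://maven.apache.org/POM/4.0.0"}
    hits = []
    for dep in root.findall(".//m:dependency", ns):
        group = dep.findtext("m:groupId", default="", namespaces=ns)
        artifact = dep.findtext("m:artifactId", default="", namespaces=ns)
        version = dep.findtext("m:version", default="", namespaces=ns)
        if group == GROUP_ID and artifact == ARTIFACT_ID and version and is_affected(version):
            hits.append((artifact, version))
    return hits


def validation_error_unescaped(path):
    """Hypothetical reconstruction of the vulnerable pattern: the user-controlled
    path is concatenated straight into HTML returned by form validation."""
    return f"<div class='error'>Log file not found: {path}</div>"


def validation_error_escaped(path):
    """The fixed pattern: HTML-escape the path before it is rendered."""
    return f"<div class='error'>Log file not found: {html.escape(path)}</div>"


if __name__ == "__main__":
    print("affected dependencies:", affected_dependencies(SAMPLE_POM))
    print("unescaped:", validation_error_unescaped(PAYLOAD_PATH))
    print("escaped:  ", validation_error_escaped(PAYLOAD_PATH))
```

Run against a real POM by replacing SAMPLE_POM with the file contents; plugins installed directly on a controller are better checked through the Jenkins plugin manager, since their versions do not appear in a project POM. The escaping function shows the whole fix the advisory describes: the path is still reported, but any markup it contains is rendered as text.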
Metadata
Created: 2022-05-24T17:22:18Z
Modified: 2022-12-28T23:50:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f799-hfg3-48jp/GHSA-f799-hfg3-48jp.json
CWE IDs: CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. Cross-site Scripting)
Alternative ID: GHSA-f799-hfg3-48jp
Finding: F425
Auto approve: 1