CVE-2020-2199 – org.jenkins-ci.plugins:svn-partial-release-mgr
Package
Manager: maven
Name: org.jenkins-ci.plugins:svn-partial-release-mgr
Vulnerable Version: >=0 <=1.0.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.21759 (percentile: 0.95533)
Details
XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin
Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation. This results in a reflected cross-site scripting (XSS) vulnerability that can also be exploited similarly to a stored cross-site scripting vulnerability by users with Job/Configure permission.
Metadata
Created: 2022-05-24T17:19:05Z
Modified: 2022-12-21T15:28:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmf3-w5jf-cv54/GHSA-qmf3-w5jf-cv54.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qmf3-w5jf-cv54
Finding: F008
Auto approve: 1