Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-2223

UNKNOWN
Published 2020-07-15T17:00:27
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-2223. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins project

Jenkins

Affected Versions:

unspecified unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Stored XSS vulnerability in Jenkins console links

GHSA-gfhj-524q-gcrm

Advisory Details

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the `href` attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2 escapes the `href` attribute of these links.

Affected Packages

Maven org.jenkins-ci.main:jenkins-core
ECOSYSTEM: ≥0 <2.235.2
Maven org.jenkins-ci.main:jenkins-core
ECOSYSTEM: ≥2.236 <2.245

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-2223
WEB https://github.com/jenkinsci/jenkins/commit/11f4a351224ef04cfeb9c7636fb1590b67543f3c
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945
WEB http://www.openwall.com/lists/oss-security/2020/07/15/5

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: December 27, 2022

References

https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945
http://www.openwall.com/lists/oss-security/2020/07/15/5
Published: 2020-07-15T17:00:27
Last Modified: 2024-08-04T07:01:41.099Z
Copied to clipboard!