Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.

Affected Packages

Maven org.jenkins-ci.plugins:chosen-views-tabbar

Affected versions: 0 (last affected: 1.2)

Related CVEs

CVE-2020-2269

Key Information

GHSA ID

GHSA-226h-qrg4-8236

Published

May 24, 2022 5:28 PM

Last Modified

December 29, 2022 1:44 AM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:chosen-views-tabbar

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.