Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Audit Trail Plugin 3.3 escapes the affected part of the error message.

Affected Packages

Maven org.jenkins-ci.plugins:audit-trail

Affected versions: 0 (fixed in 3.3)

Related CVEs

CVE-2020-2140

Key Information

GHSA ID

GHSA-cj2g-wwfv-mvjh

Published

May 24, 2022 5:10 PM

Last Modified

January 5, 2023 8:38 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:audit-trail

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.