Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.

Affected Packages

Maven org.jenkins-ci.plugins:script-security

Affected versions: 0 (fixed in 1.73)

Related CVEs

CVE-2020-2190

Key Information

GHSA ID

GHSA-q87g-7mp5-765q

Published

May 24, 2022 5:19 PM

Last Modified

June 24, 2022 12:56 AM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:script-security

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.