CVE-2020-2244
Severity: HIGH 8.0 | EPSS: 0.17%
XSS vulnerability in Jenkins Build Failure Analyzer Plugin
Published: 2022/5/24 | Modified: 2024/2/16
Description
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. Build Failure Analyzer Plugin 1.27.1 escapes matching text in the affected form validation response.
Affected packages (1)
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-2244
- PATCH: https://github.com/jenkinsci/build-failure-analyzer-plugin
- WEB: https://github.com/jenkinsci/build-failure-analyzer-plugin/commit/c974938f213df0109269cb1b4508b8a1ec19f0ff
- WEB: https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1770
- WEB: http://www.openwall.com/lists/oss-security/2020/09/01/3