Published: 12/08/2020 Updated: 02/11/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jenkins jenkins

Synopsis Important: OpenShift Container Platform 4427 openshift-jenkins-2-container security update Type/Severity Security Advisory: Important Topic An update for openshift-jenkins-2-container is now available for Red Hat OpenShift Container Platform 44Red Hat Product Security has rated this update as h ...

Synopsis Important: OpenShift Container Platform 4513 jenkins security update Type/Severity Security Advisory: Important Topic An update for jenkins is now available for Red Hat OpenShift Container Platform 45Red Hat Product Security has rated this update as having a security impact of Important A Comm ...

Synopsis Important: OpenShift Container Platform 311306 jenkins security update Type/Severity Security Advisory: Important Topic An update for jenkins is now available for Red Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as having a security impact of Important A C ...

Jenkins versions 2251 and below and LTS 22353 and below suffer from a persistent cross site scripting vulnerability ...

CWE-79 https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960 http://www.openwall.com/lists/oss-security/2020/08/12/4 http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:4220

CVE-2020-2231

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect