Stored Cross-Site Scripting Issue in Jenkins Subversion Plugin
CVE-2020-2111

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Subversion Plugin
Vendor: CVE Published:; 12 February 2020

Summary

The Jenkins Subversion Plugin, version 2.13.0 and earlier, introduces a stored cross-site scripting vulnerability. This occurs because the plugin fails to appropriately escape error messages related to the Project Repository Base URL field during form validation. Attackers could exploit this weakness by injecting malicious scripts, which may be executed in the context of a user's browser, potentially compromising user data and leading to unauthorized actions within the Jenkins environment.

Affected Version(s)

Jenkins Subversion Plugin <= 2.13.0

References

https://jenkins.io/security/advisory/2020-02-12/#SECURITY...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2020/02/12/3

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 12, 2020
Vulnerability Reserved
Dec 5, 2019