Stored Cross-Site Scripting in Jenkins Git Parameter Plugin
CVE-2020-2112
5.4MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 12 February 2020
What is CVE-2020-2112?
The Git Parameter Plugin for Jenkins does not adequately sanitize the parameter names displayed in the user interface. This oversight allows users with 'Job/Configure' permissions to execute stored cross-site scripting attacks, potentially leading to unauthorized access and manipulation of Jenkins jobs. It is critical for users to update to version 0.9.12 or later to mitigate this security risk.
Affected Version(s)
Jenkins Git Parameter Plugin 0.9.4
Jenkins Git Parameter Plugin <= 0.9.11