Stored Cross-Site Scripting Vulnerability in Jenkins Git Parameter Plugin
CVE-2020-2113
5.4 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 12 February 2020
Summary
The Git Parameter Plugin for Jenkins, versions 0.9.11 and earlier, is vulnerable to stored cross-site scripting due to improper escaping of the default value displayed in the user interface. This vulnerability can be exploited by users who possess Job/Configure permissions, potentially allowing malicious scripts to be executed within the context of the affected application, leading to unauthorized actions or information disclosure.
Affected Version(s)
Jenkins Git Parameter Plugin 0.9.4
Jenkins Git Parameter Plugin <= 0.9.11
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved