Stored Cross-Site Scripting in Jenkins Git Plugin by CloudBees
CVE-2020-2136

5.4MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Git Plugin
Vendor: CVE Published:; 9 March 2020

Summary

The Jenkins Git Plugin, utilized for managing Git repositories within Jenkins, contains a vulnerability where error messages related to the repository URL in the Microsoft TFS field are not properly escaped. This oversight allows attackers to execute stored cross-site scripting attacks, potentially compromising the integrity of the Jenkins environment. Users of Jenkins Git Plugin versions 4.2.0 and earlier are encouraged to review the security advisory and update to mitigate this risk.

Affected Version(s)

Jenkins Git Plugin <= 4.2.0

References

https://jenkins.io/security/advisory/2020-03-09/#SECURITY...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2020/03/09/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 9, 2020
Vulnerability Reserved
Dec 5, 2019