Stored Cross-Site Scripting Flaw in Jenkins Valgrind Plugin
CVE-2020-2246
5.4 MEDIUM
Summary
Jenkins Valgrind Plugin versions 0.28 and prior contain a stored cross-site scripting (XSS) vulnerability caused by improper escaping of content from Valgrind XML reports. Malicious users who can manipulate the contents of the Valgrind XML reports can exploit this flaw to execute scripts in the context of another user's session. It's critical for Jenkins administrators to apply updates and review security practices to mitigate this risk.
Affected Version(s)
Jenkins Valgrind Plugin <= 0.28
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved