CVE-2020-2246
- Source
- https://cve.org/CVERecord?id=CVE-2020-2246
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2246.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-2246
- Aliases
- Published
- 2020-09-01T14:15:13.113Z
- Modified
- 2025-11-14T10:56:53.617303Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents.
- References
Affected packages
Git / github.com/jenkinsci/valgrind-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/valgrind-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
valgrind-0.*
valgrind-0.1
valgrind-0.10
valgrind-0.11
valgrind-0.12
valgrind-0.13
valgrind-0.14
valgrind-0.15
valgrind-0.16
valgrind-0.17
valgrind-0.18
valgrind-0.19
valgrind-0.2
valgrind-0.20
valgrind-0.21
valgrind-0.22
valgrind-0.23
valgrind-0.24
valgrind-0.24a
valgrind-0.25
valgrind-0.25a
valgrind-0.25b
valgrind-0.26
valgrind-0.27
valgrind-0.28
valgrind-0.3
valgrind-0.4
valgrind-0.5
valgrind-0.6
valgrind-0.7
valgrind-0.8
valgrind-0.9