CVE-2020-2256

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-2256
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2256.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-2256
Aliases
Published
2020-09-16T14:15:13Z
Modified
2024-10-12T06:20:43.030642Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

References

Affected packages

Git / github.com/jenkinsci/pipeline-maven-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/pipeline-maven-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

pipeline-maven-0.*

pipeline-maven-0.1-beta
pipeline-maven-0.2
pipeline-maven-0.3
pipeline-maven-0.4
pipeline-maven-0.5

pipeline-maven-2.*

pipeline-maven-2.3.0-beta-1
pipeline-maven-2.3.1-beta-1
pipeline-maven-2.4.0-beta-1
pipeline-maven-2.4.0-beta-2
pipeline-maven-2.5.0-alpha-1

pipeline-maven-3.*

pipeline-maven-3.0.0
pipeline-maven-3.0.0-beta-1
pipeline-maven-3.0.0-beta-2
pipeline-maven-3.0.0-beta-3
pipeline-maven-3.0.0-beta-4
pipeline-maven-3.0.0-beta-5
pipeline-maven-3.0.0-beta-6
pipeline-maven-3.0.1
pipeline-maven-3.0.1-beta-1
pipeline-maven-3.0.1-beta-2
pipeline-maven-3.0.2
pipeline-maven-3.0.3
pipeline-maven-3.0.3-beta-1
pipeline-maven-3.0.3-beta-2
pipeline-maven-3.0.4
pipeline-maven-3.0.5
pipeline-maven-3.0.6
pipeline-maven-3.0.6-beta-1
pipeline-maven-3.0.7
pipeline-maven-3.1.0
pipeline-maven-3.1.0-beta-1
pipeline-maven-3.2.0
pipeline-maven-3.2.0-alpha-1
pipeline-maven-3.2.0-alpha-2
pipeline-maven-3.2.1
pipeline-maven-3.2.1-beta-1
pipeline-maven-3.3.0
pipeline-maven-3.3.1
pipeline-maven-3.3.1-beta-1
pipeline-maven-3.3.1-beta-2
pipeline-maven-3.3.2
pipeline-maven-3.4.0
pipeline-maven-3.4.0-beta-1
pipeline-maven-3.4.1
pipeline-maven-3.4.2
pipeline-maven-3.4.3
pipeline-maven-3.5.0
pipeline-maven-3.5.0-beta-1
pipeline-maven-3.5.1
pipeline-maven-3.5.1-beta-1
pipeline-maven-3.5.10
pipeline-maven-3.5.11
pipeline-maven-3.5.12
pipeline-maven-3.5.12-beta-1
pipeline-maven-3.5.12-beta-2
pipeline-maven-3.5.12-beta-3
pipeline-maven-3.5.12-beta-4
pipeline-maven-3.5.13
pipeline-maven-3.5.14
pipeline-maven-3.5.15
pipeline-maven-3.5.15-beta-1
pipeline-maven-3.5.15-beta-2
pipeline-maven-3.5.15-beta-4
pipeline-maven-3.5.2
pipeline-maven-3.5.3
pipeline-maven-3.5.4
pipeline-maven-3.5.4-beta-1
pipeline-maven-3.5.5
pipeline-maven-3.5.6
pipeline-maven-3.5.7
pipeline-maven-3.5.7-beta-1
pipeline-maven-3.5.8
pipeline-maven-3.5.8-beta-1
pipeline-maven-3.5.9
pipeline-maven-3.6.0
pipeline-maven-3.6.0-beta-1
pipeline-maven-3.6.0-beta-2
pipeline-maven-3.6.1
pipeline-maven-3.6.10
pipeline-maven-3.6.11
pipeline-maven-3.6.12
pipeline-maven-3.6.13
pipeline-maven-3.6.14
pipeline-maven-3.6.15-beta-1
pipeline-maven-3.6.2
pipeline-maven-3.6.3
pipeline-maven-3.6.4
pipeline-maven-3.6.4-beta-1
pipeline-maven-3.6.5
pipeline-maven-3.6.5-beta-1
pipeline-maven-3.6.6
pipeline-maven-3.6.6-beta-1
pipeline-maven-3.6.6-beta-2
pipeline-maven-3.6.6-beta-3
pipeline-maven-3.6.6-beta-4
pipeline-maven-3.6.7
pipeline-maven-3.6.8
pipeline-maven-3.6.8-beta-1
pipeline-maven-3.6.8-beta-2
pipeline-maven-3.6.9
pipeline-maven-3.7.0
pipeline-maven-3.7.0-beta-1
pipeline-maven-3.7.1
pipeline-maven-3.8.0
pipeline-maven-3.8.1
pipeline-maven-3.8.2
pipeline-maven-3.8.3
pipeline-maven-3.9.0
pipeline-maven-3.9.0-beta-1
pipeline-maven-3.9.1
pipeline-maven-3.9.2

pipeline-maven-parent-2.*

pipeline-maven-parent-2.0
pipeline-maven-parent-2.0-beta-3
pipeline-maven-parent-2.0-beta-4
pipeline-maven-parent-2.0-beta-5
pipeline-maven-parent-2.0-beta-6
pipeline-maven-parent-2.0-beta-7
pipeline-maven-parent-2.0.1
pipeline-maven-parent-2.0.2
pipeline-maven-parent-2.0.3
pipeline-maven-parent-2.1.0
pipeline-maven-parent-2.1.0-beta-1
pipeline-maven-parent-2.1.1-beta-1
pipeline-maven-parent-2.2.0
pipeline-maven-parent-2.2.1
pipeline-maven-parent-2.3.0
pipeline-maven-parent-2.3.1
pipeline-maven-parent-2.4.0
pipeline-maven-parent-2.5.0
pipeline-maven-parent-2.5.1
pipeline-maven-parent-2.5.2

pipeline-maven-pom-2.*

pipeline-maven-pom-2.0-beta-1
pipeline-maven-pom-2.0-beta-2