CVE-2020-2316

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-2316

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2316.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-2316

Aliases

GHSA-fg6g-52rg-vr9q

Published

2020-11-04T15:15:12.413Z

Modified

2026-03-13T00:35:23.733854Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

References

https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1907

Affected packages

Git / github.com/jenkinsci/analysis-core-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/analysis-core-plugin

Events

Introduced

Last affected

6ed469a85ecf13e7f4239eafd12362e0fe18efad

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.96"
        }
    ]
}

Affected versions

analysis-core-1.*

analysis-core-1.17

analysis-core-1.18

analysis-core-1.19

analysis-core-1.20

analysis-core-1.21

analysis-core-1.22

analysis-core-1.23

analysis-core-1.24

analysis-core-1.25

analysis-core-1.26

analysis-core-1.27

analysis-core-1.28

analysis-core-1.29

analysis-core-1.30

analysis-core-1.31

analysis-core-1.32

analysis-core-1.33

analysis-core-1.34

analysis-core-1.35

analysis-core-1.36

analysis-core-1.37

analysis-core-1.38

analysis-core-1.39

analysis-core-1.40

analysis-core-1.41

analysis-core-1.42

analysis-core-1.43

analysis-core-1.44

analysis-core-1.45

analysis-core-1.46

analysis-core-1.47

analysis-core-1.48

analysis-core-1.49

analysis-core-1.50

analysis-core-1.51

analysis-core-1.52

analysis-core-1.53

analysis-core-1.54

analysis-core-1.55

analysis-core-1.56

analysis-core-1.57

analysis-core-1.58

analysis-core-1.59

analysis-core-1.60

analysis-core-1.61

analysis-core-1.62

analysis-core-1.63

analysis-core-1.64

analysis-core-1.65

analysis-core-1.66

analysis-core-1.67

analysis-core-1.68

analysis-core-1.69

analysis-core-1.70

analysis-core-1.71

analysis-core-1.72

analysis-core-1.73

analysis-core-1.74

analysis-core-1.75

analysis-core-1.76

analysis-core-1.77

analysis-core-1.78

analysis-core-1.79

analysis-core-1.80

analysis-core-1.81

analysis-core-1.82

analysis-core-1.83

analysis-core-1.84

analysis-core-1.86

analysis-core-1.87

analysis-core-1.88

analysis-core-1.89

analysis-core-1.90

analysis-core-1.91

analysis-core-1.92

analysis-core-1.93

analysis-core-1.94

analysis-core-1.95

analysis-core-1.96

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2316.json"