CVE-2020-2317

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-2317
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2317.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-2317
Aliases
Published
2020-11-04T15:15:12Z
Modified
2024-10-12T06:21:09.410393Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.

References

Affected packages

Git / github.com/jenkinsci/findbugs-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/findbugs-plugin
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected

Affected versions

findbugs-4.*

findbugs-4.20
findbugs-4.21
findbugs-4.22
findbugs-4.23
findbugs-4.24
findbugs-4.25
findbugs-4.26
findbugs-4.27
findbugs-4.28
findbugs-4.29
findbugs-4.30
findbugs-4.31
findbugs-4.32
findbugs-4.33
findbugs-4.34
findbugs-4.35
findbugs-4.36
findbugs-4.37
findbugs-4.38
findbugs-4.39
findbugs-4.40
findbugs-4.41
findbugs-4.42
findbugs-4.43
findbugs-4.44
findbugs-4.45
findbugs-4.46
findbugs-4.47
findbugs-4.48
findbugs-4.49
findbugs-4.50
findbugs-4.51
findbugs-4.52
findbugs-4.53
findbugs-4.58
findbugs-4.59
findbugs-4.60
findbugs-4.61
findbugs-4.62
findbugs-4.63
findbugs-4.64
findbugs-4.65
findbugs-4.67
findbugs-4.68
findbugs-4.69
findbugs-4.70
findbugs-4.71
findbugs-4.72
findbugs-4.73-beta

findbugs-5.*

findbugs-5.0.0
findbugs-5.0.0-beta2
findbugs-5.0.0-beta3

library-2.*

library-2.0.0
library-2.0.1
library-2.0.3
library-2.0.8
library-2.1.0

library-3.*

library-3.0.0
library-3.0.2
library-3.0.3
library-3.0.4

library-4.*

library-4.0.0

library-5.*

library-5.0.0

parent-1.*

parent-1.0
parent-1.1
parent-1.2
parent-1.3