CVE-2020-2223 Information

Description

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier, does not correctly escape the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.openwall.com/lists/oss-security/2020/07/15/5

https://jenkins.io/security/advisory/2020-07-15/SECURITY-1945

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
