WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-2161 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.

Remediation

References

https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1781

http://www.openwall.com/lists/oss-security/2020/03/25/2

Related Vulnerabilities

CVE-2022-45143 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2016-1181 Vulnerability in maven package struts:struts

CVE-2022-4135 Vulnerability in npm package electron

CVE-2018-7307 Vulnerability in maven package org.webjars.npm:auth0-js

CVE-2022-34194 Vulnerability in maven package org.jenkins-ci.plugins:readonly-parameters

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory