CVE-2020-2257

2020-09-1614:15:13

Google

osv.dev

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CPENameOperatorVersion
validating-string-parameter-plugineqalidating-string-parameter-2.4
validating-string-parameter-plugineqalidating-string-parameter-2.3
validating-string-parameter-plugineqalidating-string-parameter-2.2
validating-string-parameter-plugineqalidating-string-parameter-2.1
validating-string-parameter-plugineqalidating-string-parameter-1.5
validating-string-parameter-plugineqalidating-string-parameter-2.0

Name	Operator	Version
validating-string-parameter-plugin	eq	alidating-string-parameter-2.4
validating-string-parameter-plugin	eq	alidating-string-parameter-2.3
validating-string-parameter-plugin	eq	alidating-string-parameter-2.2
validating-string-parameter-plugin	eq	alidating-string-parameter-2.1
validating-string-parameter-plugin	eq	alidating-string-parameter-1.5
validating-string-parameter-plugin	eq	alidating-string-parameter-2.0