Lucene search
GoogleOSV:GHSA-M7PR-M4CX-6M22HistoryMay 24, 2022 - 5:12 p.m.
Reflected XSS vulnerability in Jenkins Queue cleanup Plugin
2022-05-2417:12:41
Google
osv.dev
5
jenkins
queue cleanup plugin
reflected xss
form validation
http endpoint
query parameter
cross-site scripting vulnerability
EPSS
0.001
Percentile
36.1%
A form validation HTTP endpoint in Queue cleanup Plugin 1.3 and earlier does not escape a query parameter displayed in an error message. This results in a reflected cross-site scripting vulnerability (XSS).
Queue cleanup Plugin 1.4 correctly escapes the query parameter.
References
www.openwall.com/lists/oss-security/2020/03/25/2
github.com/jenkinsci/queue-cleanup-plugin
github.com/jenkinsci/queue-cleanup-plugin/commit/b3e562a427e704fc15dafe7664bd67aafcd4e03e
github.com/jenkinsci/queue-cleanup-plugin/commit/e7dae99aa3a414004e953303c7c687d65348de11
jenkins.io/security/advisory/2020-03-25/#SECURITY-1724
nvd.nist.gov/vuln/detail/CVE-2020-2169
Related
github
github
Reflected XSS vulnerability in Jenkins Queue cleanup Plugin
2022-05-24 17:12:41
prion
prion
Cross site scripting
2020-03-25 17:15:00
cve
cve
CVE-2020-2169
2020-03-25 17:15:15
osv
osv
CVE-2020-2169
2020-03-25 17:15:15
cvelist
cvelist
CVE-2020-2169
2020-03-25 16:05:38
nvd
nvd
CVE-2020-2169
2020-03-25 17:15:15