OSV:GHSA-VR6V-WJFW-RXCR
May 24, 2022 - 5:23 p.m.

Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin

2022-05-24 17:23:39
Google
osv.dev
Tags: jenkins, matrix authorization strategy plugin, stored xss, cross-site scripting, vulnerability, permission table, user names, escaping, 2.6.1, 2.6.2

EPSS: 0.001 (percentile: 22.0%)

Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting (XSS) vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or Agent/Configure permission, otherwise by users with Overall/Administer permission.

Matrix Authorization Strategy Plugin 2.6.2 escapes user names in the permission table.
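
A defender-side audit for the issue described above, as an added example that is not code from the advisory or from the plugin. It flags plugin versions before 2.6.2, lists permission entries whose user name contains HTML metacharacters, and shows the escaped form a fixed table cell would emit. Assumptions: grants are stored in config.xml as `<permission>PERMISSION_ID:sid</permission>` elements, the sample XML is constructed, and all function names are hypothetical.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed sample of a job config.xml fragment (assumed layout: one
# <permission> element per grant, with text "PERMISSION_ID:sid").
SAMPLE_CONFIG = """<project>
  <properties>
    <hudson.security.AuthorizationMatrixProperty>
      <permission>hudson.model.Item.Read:alice</permission>
      <permission>hudson.model.Item.Configure:&lt;b&gt;bob&lt;/b&gt;</permission>
      <permission>hudson.model.Item.Build:dev-team</permission>
    </hudson.security.AuthorizationMatrixProperty>
  </properties>
</project>"""

FIXED_VERSION = (2, 6, 2)  # first fixed release, per the advisory
HTML_META = re.compile(r"""[<>&"']""")


def is_vulnerable(version):
    """True for versions before 2.6.2 (plain dotted numeric versions only)."""
    return tuple(int(p) for p in version.split(".")) < FIXED_VERSION


def suspicious_sids(config_xml):
    """Return the sids in <permission> entries that contain HTML metacharacters."""
    found = []
    for node in ET.fromstring(config_xml).iter("permission"):
        # Permission IDs contain dots but no colon, so split on the first colon.
        _, _, sid = (node.text or "").strip().partition(":")
        if HTML_META.search(sid) and sid not in found:
            found.append(sid)
    return found


def render_cell(sid):
    """Emit a table cell with the name HTML-escaped, as the fix describes."""
    return "<td>" + html.escape(sid) + "</td>"
```

Any sid reported by `suspicious_sids` on an instance where `is_vulnerable` is true deserves review of who created the entry and when.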
