CVE-2020-2161

2021-06-1301:04:26

redhat.com

access.redhat.com

jenkins

lts

xss

vulnerability

label expressions

job configuration

EPSS

0.001

Percentile

22.0%

JSON

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.