CVE-2020-2152

Опубликовано: 09 мар. 2020

Источник: redhat

CVSS3: 6.1

Описание

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

Отчет

The jenkins-2-plugins package includes subversion plugin, not svn-release-mgr-plugin and is therefore not affected by this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.11	jenkins-2-plugins	Not affected
Red Hat OpenShift Container Platform 4	jenkins-2-plugins	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1819233jenkins-subversion-plugin: error message for Repository URL field form validation leads to reflected XSS

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2020-2152

CVSS3: 6.1

nvd

почти 6 лет назад

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

GHSA-wc2g-9j98-vcgw

CVSS3: 6.1

github

больше 3 лет назад

Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)

6.1 Medium

CVSS3