CVE-2020-2229

Опубликовано: 12 авг. 2020

Источник: redhat

CVSS3: 5.4

EPSS Низкий

Описание

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.

A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contributed by plugins and use user-specified values. This results in a potential stored cross-site scripting (XSS) vulnerability. This highest threat from this vulnerability is to data confidentiality and integrity.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Fuse 7	jenkins	Not affected
Red Hat OpenShift Container Platform 3.11	jenkins	Fixed	RHSA-2020:4223	22.10.2020
Red Hat OpenShift Container Platform 4.3	jenkins	Fixed	RHSA-2020:3808	23.09.2020
Red Hat OpenShift Container Platform 4.4	openshift4/ose-jenkins	Fixed	RHSA-2020:4220	13.10.2020
Red Hat OpenShift Container Platform 4.5	jenkins	Fixed	RHSA-2020:3841	30.09.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1874830jenkins: user-specified tooltip values leads to stored cross-site scripting

EPSS

Процентиль: 85%

0.02572

Низкий

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2020-2229

CVSS3: 5.4

nvd

больше 5 лет назад

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.

CVE-2020-2229

CVSS3: 5.4

debian

больше 5 лет назад

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...

GHSA-hvmc-7g2x-r3p9

CVSS3: 8

github

больше 3 лет назад

Jenkins Cross-Site Scripting vulnerability in help icons

EPSS

Процентиль: 85%

0.02572

Низкий

5.4 Medium

CVSS3