[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

Cross-site scripting vulnerability in Jenkins through HTML content - CVE-2020-2223 (MAC OS X)

ID: oval:org.secpod.oval:def:64678Date: (C)2020-07-28   (M)2023-12-02
Class: VULNERABILITYFamily: macos




The host is installed with Jenkins LTS through 2.235.1 or Jenkins rolling release through 2.244 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle escaping 'href' attribute of links to downstream jobs displayed in the build console page. Successful exploitation could allow attackers to cause a stored XSS vulnerability.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X 10.13
Apple Mac OS X 10.14
Product:
Jenkins LTS
Jenkins rolling release
Reference:
CVE-2020-2223
CVE    1
CVE-2020-2223

© SecPod Technologies