Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02YzdyLTZwNW0tY3A4Ms4AAjxg
Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
Permalink: https://github.com/advisories/GHSA-6c7r-6p5m-cp82
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02YzdyLTZwNW0tY3A4Ms4AAjxg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-6c7r-6p5m-cp82, CVE-2020-2136
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2136
- https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1723
- http://www.openwall.com/lists/oss-security/2020/03/09/1
- https://github.com/jenkinsci/git-plugin/commit/f581998be38cfed8e080c672c4b7caa8b4a45979
- https://github.com/advisories/GHSA-6c7r-6p5m-cp82
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:git
Affected Version Ranges: <= 4.2.0
Fixed in: 4.2.1