GSA_kwCzR0hTQS0yYzg0LTM1cnYtNnEzZs4AAl8j

High EPSS: 0.00233% (0.46033 Percentile) EPSS:

Permalink JSON

Stored XSS vulnerability in ClearCase Release Plugin

Affected Packages	Affected Versions	Fixed Versions
maven:org.jvnet.hudson.plugins:clearcase-release	<= 0.3	No known fixed version
0 Dependent packages 0 Dependent repositories Affected Version Ranges All affected versions

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-2270
https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1911
http://www.openwall.com/lists/oss-security/2020/09/16/3
https://github.com/advisories/GHSA-2c84-35rv-6q3f

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS0yYzg0LTM1cnYtNnEzZs4AAl8j

Stored XSS vulnerability in ClearCase Release Plugin

Affected Version Ranges

All affected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API