Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-2161 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/03/25/2

https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1781

Related Vulnerabilities

CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bc-fips-debug

CVE-2021-4133 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2019-1003099 Vulnerability in maven package org.jenkins-ci.plugins:openid

CVE-2020-2208 Vulnerability in maven package org.jenkins-ci.plugins:slack-uploader

CVE-2023-40817 Vulnerability in maven package org.opencrx:opencrx-core-models

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory