CVE-2020-2174: XSS
First published: Tue Apr 07 2020(Updated: )
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Awseb Deployment | <=0.3.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-2174.
What is the title of the vulnerability?
The title of the vulnerability is 'Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of…'.
What is the severity of CVE-2020-2174?
The severity of CVE-2020-2174 is medium with a score of 6.1.
What is the description of CVE-2020-2174?
CVE-2020-2174 refers to a reflected cross-site scripting vulnerability in Jenkins AWSEB Deployment Plugin version 0.3.19 and earlier, due to the lack of escaping various values.
How can I fix the vulnerability in Jenkins AWSEB Deployment Plugin?
To fix the vulnerability in Jenkins AWSEB Deployment Plugin, you should update to a version later than 0.3.19 and apply any available patches or security advisories.
- collector/nvd-index
- collector/nvd-api
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins awseb deployment
- version/jenkins awseb deployment/0.3.19