First published: Wed Sep 16 2020(Updated: )
Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Validating String Parameter | <=2.4 | |
maven/org.jenkins-ci.plugins:validating-string-parameter | <=2.4 | 2.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Jenkins plugin is CVE-2020-2257.
The title of this vulnerability is 'Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields'.
The severity of this vulnerability is medium (5.4).
This vulnerability can be exploited by attackers with Job/Configure permission using stored cross-site scripting (XSS).
To fix this vulnerability, you should update Jenkins Validating String Parameter Plugin to the latest version.