CVE-2020-2231 — Vulnetix

CVE-2020-2231 PUBLISHED

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.

EPSS 0.47% · 65.0th percentile

Risk Scores

EPSS Score

0.47%

65.0th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	0
Bitnami	jenkins	0

Timeline

Aug 12, 2020 CVE Published
Dec 18, 2020 CVE Updated
Dec 18, 2020 PoC Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 27, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 2, 2022 EPSS Score

References

http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html url
http://www.openwall.com/lists/oss-security/2020/08/12/4 url
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960 url
https://nvd.nist.gov/vuln/detail/CVE-2020-2231 url

Open in Interactive Console →