CVE-2020-2112

2020-02-1215:15:12

Google

osv.dev

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.

CPENameOperatorVersion
git-parameter-plugineqgit-parameter-0.2
git-parameter-plugineqgit-parameter-0.8.0
git-parameter-plugineqgit-parameter-0.9.5
git-parameter-plugineqgit-parameter-0.6.1
git-parameter-plugineqgit-parameter-0.3.1
git-parameter-plugineqgit-parameter-0.9.0
git-parameter-plugineqgit-parameter-0.5.1
git-parameter-plugineqgit-parameter-0.3.2
git-parameter-plugineqgit-parameter-0.9.6
git-parameter-plugineqgit-parameter-0.9.10

Name	Operator	Version
git-parameter-plugin	eq	git-parameter-0.2
git-parameter-plugin	eq	git-parameter-0.8.0
git-parameter-plugin	eq	git-parameter-0.9.5
git-parameter-plugin	eq	git-parameter-0.6.1
git-parameter-plugin	eq	git-parameter-0.3.1
git-parameter-plugin	eq	git-parameter-0.9.0
git-parameter-plugin	eq	git-parameter-0.5.1
git-parameter-plugin	eq	git-parameter-0.3.2
git-parameter-plugin	eq	git-parameter-0.9.6
git-parameter-plugin	eq	git-parameter-0.9.10