CVE-2020-2137

2020-03-0916:15:12

Google

osv.dev

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.

References

www.openwall.com/lists/oss-security/2020/03/09/1

jenkins.io/security/advisory/2020-03-09/#SECURITY-1784