CVE-2020-2207

2020-07-0215:15:17

Google

osv.dev

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

CPENameOperatorVersion
vncviewer-plugineqncviewer-1.6
vncviewer-plugineqncviewer-1.7

CPE	Name	Operator	Version
	vncviewer-plugin	eq	ncviewer-1.6
	vncviewer-plugin	eq	ncviewer-1.7

References

www.openwall.com/lists/oss-security/2020/07/02/7

jenkins.io/security/advisory/2020-07-02/#SECURITY-1776