CVE-2020-2214

2020-07-0215:15:18

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

CPENameOperatorVersion
zap-pipeline-plugineqzap-pipeline-1.5.0
zap-pipeline-plugineq1.0
zap-pipeline-plugineq1.1
zap-pipeline-plugineqzap-pipeline-1.4.2
zap-pipeline-plugineqzap-pipeline-1.5.1
zap-pipeline-plugineq1.4.1
zap-pipeline-plugineq1.8
zap-pipeline-plugineqzap-pipeline-1.5.11
zap-pipeline-plugineqzap-pipeline-1.9
zap-pipeline-plugineqzap-pipeline-1.8.1

Name	Operator	Version
zap-pipeline-plugin	eq	zap-pipeline-1.5.0
zap-pipeline-plugin	eq	1.0
zap-pipeline-plugin	eq	1.1
zap-pipeline-plugin	eq	zap-pipeline-1.4.2
zap-pipeline-plugin	eq	zap-pipeline-1.5.1
zap-pipeline-plugin	eq	1.4.1
zap-pipeline-plugin	eq	1.8
zap-pipeline-plugin	eq	zap-pipeline-1.5.11
zap-pipeline-plugin	eq	zap-pipeline-1.9
zap-pipeline-plugin	eq	zap-pipeline-1.8.1