CVE-2020-2289

2020-10-0813:15:11

Google

osv.dev

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CPENameOperatorVersion
active-choices-pluginequno-choice-1.1
active-choices-pluginequno-choice-0.15
active-choices-pluginequno-choice-0.3
active-choices-pluginequno-choice-0.17
active-choices-pluginequno-choice-2.2.1
active-choices-pluginequno-choice-0.5
active-choices-pluginequno-choice-2.0
active-choices-pluginequno-choice-1.5
active-choices-pluginequno-choice-0.11
active-choices-pluginequno-choice-2.4

Name	Operator	Version
active-choices-plugin	eq	uno-choice-1.1
active-choices-plugin	eq	uno-choice-0.15
active-choices-plugin	eq	uno-choice-0.3
active-choices-plugin	eq	uno-choice-0.17
active-choices-plugin	eq	uno-choice-2.2.1
active-choices-plugin	eq	uno-choice-0.5
active-choices-plugin	eq	uno-choice-2.0
active-choices-plugin	eq	uno-choice-1.5
active-choices-plugin	eq	uno-choice-0.11
active-choices-plugin	eq	uno-choice-2.4