CVE-2020-2316

2020-11-0415:15:12

Google

osv.dev

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CPENameOperatorVersion
analysis-core-plugineqanalysis-core-1.50
analysis-core-plugineqanalysis-core-1.79
analysis-core-plugineqanalysis-core-1.62
analysis-core-plugineqanalysis-core-1.64
analysis-core-plugineqanalysis-core-1.55
analysis-core-plugineqanalysis-core-1.20
analysis-core-plugineqanalysis-core-1.72
analysis-core-plugineqanalysis-core-1.30
analysis-core-plugineqanalysis-core-1.75
analysis-core-plugineqanalysis-core-1.41

Name	Operator	Version
analysis-core-plugin	eq	analysis-core-1.50
analysis-core-plugin	eq	analysis-core-1.79
analysis-core-plugin	eq	analysis-core-1.62
analysis-core-plugin	eq	analysis-core-1.64
analysis-core-plugin	eq	analysis-core-1.55
analysis-core-plugin	eq	analysis-core-1.20
analysis-core-plugin	eq	analysis-core-1.72
analysis-core-plugin	eq	analysis-core-1.30
analysis-core-plugin	eq	analysis-core-1.75
analysis-core-plugin	eq	analysis-core-1.41