Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
{"cve": [{"lastseen": "2023-12-06T15:45:44", "description": "Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-03-25T17:15:00", "type": "cve", "title": "CVE-2020-2163", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2163"], "modified": "2023-11-02T21:11:00", "cpe": ["cpe:/a:jenkins:jenkins:2.227", "cpe:/a:jenkins:jenkins:2.204.5"], "id": "CVE-2020-2163", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2163", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:jenkins:jenkins:2.227:*:*:*:-:*:*:*", "cpe:2.3:a:jenkins:jenkins:2.204.5:*:*:*:lts:*:*:*"]}], "prion": [{"lastseen": "2023-11-22T01:27:23", "description": "Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2020-03-25T17:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2163"], "modified": "2023-11-02T21:11:00", "id": "PRION:CVE-2020-2163", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-2163", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "veracode": [{"lastseen": "2022-07-27T10:55:32", "description": "jenkins is vulnerable to cross-site scripting (XSS). The vulnerability exists as it improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-07-04T03:15:07", "type": "veracode", "title": "Cross-site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2163"], "modified": "2022-04-19T18:46:00", "id": "VERACODE:25817", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25817/summary", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "alpinelinux": [{"lastseen": "2023-12-07T16:20:45", "description": "Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-03-25T17:15:00", "type": "alpinelinux", "title": "CVE-2020-2163", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2163"], "modified": "2023-11-02T21:11:00", "id": "ALPINE:CVE-2020-2163", "href": "https://security.alpinelinux.org/vuln/CVE-2020-2163", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2023-04-11T01:39:44", "description": "Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-05-24T17:12:40", "type": "osv", "title": "Improper Neutralization of Input During Web Page Generation in Jenkins", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2163"], "modified": "2023-04-11T01:39:38", "id": "OSV:GHSA-2XCM-H7VV-G8M9", "href": "https://osv.dev/vulnerability/GHSA-2xcm-h7vv-g8m9", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "github": [{"lastseen": "2023-12-06T17:27:56", "description": "Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-05-24T17:12:40", "type": "github", "title": "Improper Neutralization of Input During Web Page Generation in Jenkins", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2163"], "modified": "2023-01-27T05:02:53", "id": "GHSA-2XCM-H7VV-G8M9", "href": "https://github.com/advisories/GHSA-2xcm-h7vv-g8m9", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-11-11T15:34:06", "description": "The version of Jenkins running on the remote web server is prior to 2.228 or is a version of Jenkins LTS prior to 2.204.6 or 2.222.1. It is, therefore, affected by multiple vulnerabilities:\n\n - An authentication bypass vulnerability exists in Jenkins' CSRF prevention component. An unauthenticated, remote attacker can exploit this, by sending specially crafted requests to a vulnerable Jenkins instance, to bypass authentication and conduct a CSRF attack (CVE-2020-2160).\n\n - A stored cross-site scripting (XSS) vulnerability exists in Jenkins' label expression validation component due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session (CVE-2020-2161).\n\n - A stored cross-site scripting (XSS) vulnerability exists in Jenkins' file parameter component due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session (CVE-2020-2162).\n\n Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-04-02T00:00:00", "type": "nessus", "title": "Jenkins < (2.204.6 / 2.222.1) LTS / 2.228 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2160", "CVE-2020-2161", "CVE-2020-2162", "CVE-2020-2163"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cloudbees:jenkins"], "id": "JENKINS_SECURITY_ADVISORY_2020-03-25.NASL", "href": "https://www.tenable.com/plugins/nessus/135178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135178);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2020-2160\",\n \"CVE-2020-2161\",\n \"CVE-2020-2162\",\n \"CVE-2020-2163\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0126-S\");\n\n script_name(english:\"Jenkins < (2.204.6 / 2.222.1) LTS / 2.228 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Jenkins running on the remote web server is prior to 2.228 or is a version of Jenkins LTS prior to \n2.204.6 or 2.222.1. It is, therefore, affected by multiple vulnerabilities:\n\n - An authentication bypass vulnerability exists in Jenkins' CSRF prevention component. An unauthenticated, remote \n attacker can exploit this, by sending specially crafted requests to a vulnerable Jenkins instance, to bypass \n authentication and conduct a CSRF attack (CVE-2020-2160).\n\n - A stored cross-site scripting (XSS) vulnerability exists in Jenkins' label expression validation component due to \n improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can \n exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's \n browser session (CVE-2020-2161).\n\n - A stored cross-site scripting (XSS) vulnerability exists in Jenkins' file parameter component due to improper \n validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this,\n by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser \n session (CVE-2020-2162).\n\n Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\n number.\");\n # https://jenkins.io/security/advisory/2020-03-25/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?edd15de3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Jenkins to version 2.228 or later. Upgrade Jenkins LTS to version 2.204.6, 2.222.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_detect.nasl\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Jenkins');\n\nvar constraints = [\n { 'fixed_version' : '2.228', 'fixed_display' : '2.204.6 or 2.222.1 LTS / 2.228', 'edition' : 'Open Source' },\n { 'fixed_version' : '2.204.6', 'fixed_display' : '2.204.6 or 2.222.1 LTS / 2.228', 'edition' : 'Open Source LTS' }\n];\n\nvcf::jenkins::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:31:05", "description": "Jenkins Security Advisory : Description(High) SECURITY-1774 / CVE-2020-2160 CSRF protection for any URL could be bypassed (Medium) SECURITY-1781 / CVE-2020-2161 Stored XSS vulnerability in label expression validation (Medium) SECURITY-1793 / CVE-2020-2162 Stored XSS vulnerability in file parameters (Medium) SECURITY-1796 / CVE-2020-2163 Stored XSS vulnerability in list view column headers", "cvss3": {}, "published": "2020-03-26T00:00:00", "type": "nessus", "title": "FreeBSD : jenkins -- multiple vulnerabilities (5bf6ed6d-9002-4f43-ad63-458f59e45384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2160", "CVE-2020-2161", "CVE-2020-2162", "CVE-2020-2163"], "modified": "2020-04-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:jenkins", "p-cpe:/a:freebsd:freebsd:jenkins-lts", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5BF6ED6D90024F43AD63458F59E45384.NASL", "href": "https://www.tenable.com/plugins/nessus/134922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134922);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/02\");\n\n script_cve_id(\"CVE-2020-2160\", \"CVE-2020-2161\", \"CVE-2020-2162\", \"CVE-2020-2163\");\n\n script_name(english:\"FreeBSD : jenkins -- multiple vulnerabilities (5bf6ed6d-9002-4f43-ad63-458f59e45384)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jenkins Security Advisory : Description(High) SECURITY-1774 /\nCVE-2020-2160 CSRF protection for any URL could be bypassed (Medium)\nSECURITY-1781 / CVE-2020-2161 Stored XSS vulnerability in label\nexpression validation (Medium) SECURITY-1793 / CVE-2020-2162 Stored\nXSS vulnerability in file parameters (Medium) SECURITY-1796 /\nCVE-2020-2163 Stored XSS vulnerability in list view column headers\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://jenkins.io/security/advisory/2020-03-25/\"\n );\n # https://vuxml.freebsd.org/freebsd/5bf6ed6d-9002-4f43-ad63-458f59e45384.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be2bbc7a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2160\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:jenkins-lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"jenkins<=2.227\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"jenkins-lts<=2.204.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-04-03T16:49:25", "description": "Jenkins is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-03-26T00:00:00", "type": "openvas", "title": "Jenkins < 2.228, < 2.204.6 LTS Multiple vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2163", "CVE-2020-2162", "CVE-2020-2161", "CVE-2020-2160"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310143641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143641", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:jenkins:jenkins\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143641\");\n script_version(\"2020-04-02T06:08:29+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 06:08:29 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-26 03:51:35 +0000 (Thu, 26 Mar 2020)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2020-2160\", \"CVE-2020-2161\", \"CVE-2020-2162\", \"CVE-2020-2163\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Jenkins < 2.228, < 2.204.6 LTS Multiple vulnerabilities (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_jenkins_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"jenkins/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Jenkins is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Jenkins is prone to multiple vulnerabilities:\n\n - CSRF protection for any URL could be bypassed (CVE-2020-2160)\n\n - Stored XSS vulnerability in label expression validation (CVE-2020-2161)\n\n - Stored XSS vulnerability in file parameters (CVE-2020-2162)\n\n - Stored XSS vulnerability in list view column headers (CVE-2020-2163)\");\n\n script_tag(name:\"affected\", value:\"Jenkins version 2.227 and prior and 2.204.5 LTS and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.228, 2.204.6 LTS or later.\");\n\n script_xref(name:\"URL\", value:\"https://jenkins.io/security/advisory/2020-03-25/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_full(cpe: CPE, port: port))\n exit(0);\n\nif (!version = infos[\"version\"])\n exit(0);\n\nlocation = infos[\"location\"];\nproto = infos[\"proto\"];\n\nif (get_kb_item(\"jenkins/\" + port + \"/is_lts\")) {\n if (version_is_less(version: version, test_version: \"2.204.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.204.6\", install_path: location);\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_is_less(version: version, test_version: \"2.228\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.228\", install_path: location);\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-03T16:49:25", "description": "Jenkins is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-03-26T00:00:00", "type": "openvas", "title": "Jenkins < 2.228, < 2.204.6 LTS Multiple vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2163", "CVE-2020-2162", "CVE-2020-2161", "CVE-2020-2160"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310143642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143642", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:jenkins:jenkins\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143642\");\n script_version(\"2020-04-02T06:08:29+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 06:08:29 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-26 04:10:34 +0000 (Thu, 26 Mar 2020)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2020-2160\", \"CVE-2020-2161\", \"CVE-2020-2162\", \"CVE-2020-2163\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Jenkins < 2.228, < 2.204.6 LTS Multiple vulnerabilities (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_jenkins_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"jenkins/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Jenkins is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Jenkins is prone to multiple vulnerabilities:\n\n - CSRF protection for any URL could be bypassed (CVE-2020-2160)\n\n - Stored XSS vulnerability in label expression validation (CVE-2020-2161)\n\n - Stored XSS vulnerability in file parameters (CVE-2020-2162)\n\n - Stored XSS vulnerability in list view column headers (CVE-2020-2163)\");\n\n script_tag(name:\"affected\", value:\"Jenkins version 2.227 and prior and 2.204.5 LTS and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.228, 2.204.6 LTS or later.\");\n\n script_xref(name:\"URL\", value:\"https://jenkins.io/security/advisory/2020-03-25/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_full(cpe: CPE, port: port))\n exit(0);\n\nif (!version = infos[\"version\"])\n exit(0);\n\nlocation = infos[\"location\"];\nproto = infos[\"proto\"];\n\nif (get_kb_item(\"jenkins/\" + port + \"/is_lts\")) {\n if (version_is_less(version: version, test_version: \"2.204.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.204.6\", install_path: location);\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_is_less(version: version, test_version: \"2.228\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.228\", install_path: location);\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-06T15:47:19", "description": "\n\nJenkins Security Advisory:\n\nDescription\n(High) SECURITY-1774 / CVE-2020-2160\nCSRF protection for any URL could be bypassed\n(Medium) SECURITY-1781 / CVE-2020-2161\nStored XSS vulnerability in label expression validation\n(Medium) SECURITY-1793 / CVE-2020-2162\nStored XSS vulnerability in file parameters\n(Medium) SECURITY-1796 / CVE-2020-2163\nStored XSS vulnerability in list view column headers\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-25T00:00:00", "type": "freebsd", "title": "jenkins -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2160", "CVE-2020-2161", "CVE-2020-2162", "CVE-2020-2163"], "modified": "2020-03-25T00:00:00", "id": "5BF6ED6D-9002-4F43-AD63-458F59E45384", "href": "https://vuxml.freebsd.org/freebsd/5bf6ed6d-9002-4f43-ad63-458f59e45384.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
CVE-2020-2163
