4 matches found
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) potentially affected by CVE-2020-2317 via org.jvnet.hudson.plugins:findbugs (>=4.51 <=4.62)
org.jvnet.hudson.plugins:findbugs MAVEN version =4.51, =1.7.2, =1.0.0, =1.7.1 Source cves: CVE-2020-2317 Source advisory: OSV:GHSA-24G8-35X9-FV8R...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
CVE-2020-2317
The CVE-2020-2317 entry describes a stored XSS vulnerability in Jenkins FindBugs Plugin, affecting version 5.0.0 and earlier. The root cause is that the plugin does not escape the annotation message shown in tooltips, enabling an attacker who can supply report files to the plugin’s post-build ste...