2 matches found
CVE-2020-2271
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2271
CVE-2020-2271 affects Jenkins Locked Files Report Plugin (versions ≤ 1.6). The issue is a stored XSS where locked files’ names are not escaped in tooltips, exploitable by attackers with Job/Configure permission. Root cause: insufficient escaping in tooltip rendering. Impact is XSS within Jenkins ...