CVE-2020-2161
Description
Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier, do not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.303
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-2160,CVE-2020-2161,CVE-2020-2162,CVE-2020-2163 affect Jenkins 2.227 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160 are fixed in Jenkins-Core 2.204.6 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core 204 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core 222 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core 2.228 | Windows |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160 are fixed in Jenkins-Core for Linux 2.204.6 | Linux |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core for Linux 204 | Linux |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core for Linux 222 | Linux |
| Vulnerabilities CVE-2020-2163,CVE-2020-2161,CVE-2020-2160,CVE-2020-2162 are fixed in Jenkins-Core for Linux 2.228 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234