PT-2020-15346 · Jenkins · Jenkins Timestamper Plugin+1
Wadeck Follonier · Published 2020-03-09 · Updated 2023-11-02 · CVE-2020-2137
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Timestamper Plugin versions 1.11.1 and earlier
Description
The plugin does not sanitize the HTML formatting used in its timestamp output, which results in a stored cross-site scripting (XSS) vulnerability. It can be exploited by attackers with Overall/Administer permission, who can inject HTML code into the output, potentially leading to unauthorized actions.
Recommendations
For Jenkins Timestamper Plugin versions 1.11.1 and earlier, update to version 1.11.2 or later, which sanitizes the HTML formatting for timestamps and only allows basic, safe HTML formatting.
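To illustrate the class of fix described above, the following added example (not the plugin's own code) contrasts rendering a timestamp format string as-is with rendering it through an allow-list sanitizer. The format placeholder `{ts}`, the allowed tag set and the sample input are assumptions for the demonstration.

```python
import html
import re

# Assumed basic, safe formatting tags; the real plugin's allow-list may differ.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong"}
TAG_RE = re.compile(r"<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>")


def render_timestamp_unsanitized(fmt: str, ts: str) -> str:
    """Vulnerable form: HTML in the configured format reaches the page unchanged."""
    return fmt.replace("{ts}", ts)


def sanitize_format(fmt: str) -> str:
    """Keep only bare allow-listed tags (no attributes); escape everything else."""
    out = []
    pos = 0
    for m in TAG_RE.finditer(fmt):
        out.append(html.escape(fmt[pos:m.start()]))
        closing, name, attrs = m.group(1), m.group(2).lower(), m.group(3)
        if name in ALLOWED_TAGS and attrs.strip() == "":
            out.append(f"<{closing}{name}>")  # safe tag, emitted without attributes
        else:
            out.append(html.escape(m.group(0)))  # unknown tag or tag with attributes
        pos = m.end()
    out.append(html.escape(fmt[pos:]))
    return "".join(out)


def render_timestamp_sanitized(fmt: str, ts: str) -> str:
    """Hardened form: sanitize the format, then insert an escaped timestamp."""
    return sanitize_format(fmt).replace("{ts}", html.escape(ts))


if __name__ == "__main__":
    # Constructed sample: a format string an administrator could configure.
    fmt = "<b>{ts}</b><script>x()</script>"
    print(render_timestamp_unsanitized(fmt, "12:00"))
    print(render_timestamp_sanitized(fmt, "12:00"))
```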
Fix
XSS
Affected Products
Jenkins
Jenkins Timestamper Plugin