PT-2020-15351 · Jenkins · Jenkins Audit Trail Plugin+1
Wadeck Follonier
·
Published
2020-03-09
·
Updated
2023-10-25
·
CVE-2020-2140
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Audit Trail Plugin versions 3.2 and earlier
Description
The issue is related to a reflected cross-site scripting vulnerability. It occurs because the error message for the URL Patterns field form validation is not properly escaped. This allows for potential malicious script injection. The Audit Trail Plugin version 3.3 addresses this issue by escaping the affected part of the error message.
Recommendations
For Jenkins Audit Trail Plugin versions 3.2 and earlier, update to version 3.3 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Audit Trail Plugin