PT-2020-15387 · Jenkins · Jenkins Awseb Deployment Plugin
Wadeck Follonier · Published 2020-04-07 · Updated 2023-10-25 · CVE-2020-2174
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins AWSEB Deployment Plugin versions 0.3.19 and earlier
Description
The plugin does not escape various values printed as part of form validation output. This results in a reflected cross-site scripting (XSS) vulnerability.
Recommendations
For Jenkins AWSEB Deployment Plugin versions 0.3.19 and earlier, update to version 0.3.20 or later, which escapes the values printed as part of the affected form validation endpoints.
Fix
XSS
Affected Products
Jenkins
Jenkins Awseb Deployment Plugin