PT-2020-15409 · Jenkins · Jenkins Compact Columns Plugin
Tobias Gruetzmacher · Published 2020-06-03 · Updated 2023-10-25 · CVE-2020-2195
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Compact Columns Plugin versions 1.11 and earlier
Description
Jenkins Compact Columns Plugin displays the unprocessed job description in tooltips, which results in a stored cross-site scripting (XSS) vulnerability. It can be exploited by users with Job/Configure permission.
Recommendations
For Jenkins Compact Columns Plugin versions 1.11 and earlier, update to version 1.12 or later, which applies the configured markup formatter to the job description shown in tooltips.
Fix
XSS
Affected Products
Jenkins
Jenkins Compact Columns Plugin