Identifier

CVE-2020-2244

Package Slug

maven/com.sonyericsson.jenkins.plugins.bfa/build-failure-analyzer

Vulnerability

Cross-site Scripting

Description

Jenkins Build Failure Analyzer Plugin does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.

Affected Versions

All versions up to 1.27.0

Solution

Upgrade to version 1.27.1 or above.

Last Modified

2020-09-07

source