Identifier

CVE-2020-2238

Package Slug

maven/org.jenkins-ci.tools/git-parameter

Vulnerability

Cross-site Scripting

Description

Jenkins Git Parameter Plug does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Affected Versions

All versions up to 0.9.12

Solution

Upgrade to version 0.9.13 or above.

Last Modified

2020-09-07

source