CVE-2020-2317

Cross-site Scripting in maven/org.jvnet.hudson.plugins.findbugs/library

Identifier

CVE-2020-2317

Package Slug

maven/org.jvnet.hudson.plugins.findbugs/library

Vulnerability

Cross-site Scripting

Description

Jenkins FindBugs Plugin does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.

Affected Versions

All versions up to 5.0.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-11-12
