CVE-2020-2271

Cross-site Scripting in maven/org.jvnet.hudson.plugins/locked-files-report

Identifiers

CVE-2020-2271

Package Slug

maven/org.jvnet.hudson.plugins/locked-files-report

Vulnerability

Cross-site Scripting

Description

Jenkins Locked Files Report Plugin does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Affected Versions

All versions up to 1.6

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-21

source