CVE-2020-2217: Cross-site Scripting

July 2, 2020 (updated July 7, 2020)

Jenkins Compatibility Action Storage Plugin does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

References

jenkins.io/security/advisory/2020-07-02/
nvd.nist.gov/vuln/detail/CVE-2020-2217

Detect and mitigate CVE-2020-2217 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →