Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/matrix-project@1.16

Type maven

Namespace org.jenkins-ci.plugins

Name matrix-project

Version 1.16

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.17

Latest_non_vulnerable_version 822.824.v14451b

Affected_by_vulnerabilities

url VCID-cnub-whtt-c7ej

vulnerability_id VCID-cnub-whtt-c7ej

summary

Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin
Matrix Project Plugin 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Agent/Configure permission.

Matrix Project Plugin 1.17 escapes the node names shown in these tooltips.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2224.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2224.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2224

reference_id

reference_type

scores

value	0.00289
scoring_system	epss
scoring_elements	0.52415
published_at	2026-04-21T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52285
published_at	2026-04-01T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52327
published_at	2026-04-02T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52355
published_at	2026-04-04T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52317
published_at	2026-04-07T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52371
published_at	2026-04-08T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52366
published_at	2026-04-09T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52416
published_at	2026-04-11T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.524
published_at	2026-04-12T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52386
published_at	2026-04-13T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52424
published_at	2026-04-16T12:55:00Z

value	0.00289
scoring_system	epss
scoring_elements	0.52431
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2224

reference_url

https://github.com/jenkinsci/matrix-project-plugin

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/matrix-project-plugin

reference_url

https://github.com/jenkinsci/matrix-project-plugin/commit/b5f22a43147360896442c4a7719446a864898cb4

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/matrix-project-plugin/commit/b5f22a43147360896442c4a7719446a864898cb4

reference_url

https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2224

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2224

reference_url

http://www.openwall.com/lists/oss-security/2020/07/15/5

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/07/15/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857436
reference_id	1857436
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857436

reference_url

https://github.com/advisories/GHSA-h6qc-455m-7v6v

reference_id

GHSA-h6qc-455m-7v6v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h6qc-455m-7v6v

reference_url	https://access.redhat.com/errata/RHSA-2020:3453
reference_id	RHSA-2020:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3453

reference_url	https://access.redhat.com/errata/RHSA-2020:3541
reference_id	RHSA-2020:3541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3541

reference_url	https://access.redhat.com/errata/RHSA-2020:3625
reference_id	RHSA-2020:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3625

reference_url	https://access.redhat.com/errata/RHSA-2020:4265
reference_id	RHSA-2020:4265
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4265

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/matrix-project@1.17
purl	pkg:maven/org.jenkins-ci.plugins/matrix-project@1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/matrix-project@1.17

aliases CVE-2020-2224, GHSA-h6qc-455m-7v6v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnub-whtt-c7ej

url VCID-js1p-kbgy-6be8

vulnerability_id VCID-js1p-kbgy-6be8

summary

Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin
Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.

Matrix Project Plugin 1.17 escapes the axis names shown in these tooltips.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2225.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2225.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2225

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53727
published_at	2026-04-21T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53618
published_at	2026-04-01T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53642
published_at	2026-04-02T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.5367
published_at	2026-04-04T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53638
published_at	2026-04-07T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.5369
published_at	2026-04-08T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53688
published_at	2026-04-09T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53737
published_at	2026-04-11T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.5372
published_at	2026-04-12T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53704
published_at	2026-04-13T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53741
published_at	2026-04-16T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53745
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2225

reference_url

https://github.com/jenkinsci/matrix-project-plugin

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/matrix-project-plugin

reference_url

https://github.com/jenkinsci/matrix-project-plugin/commit/b5f22a43147360896442c4a7719446a864898cb4

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/matrix-project-plugin/commit/b5f22a43147360896442c4a7719446a864898cb4

reference_url

https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2225

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2225

reference_url

http://www.openwall.com/lists/oss-security/2020/07/15/5

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/07/15/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857439
reference_id	1857439
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857439

reference_url

https://github.com/advisories/GHSA-w43x-5f8f-686p

reference_id

GHSA-w43x-5f8f-686p

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w43x-5f8f-686p

reference_url	https://access.redhat.com/errata/RHSA-2020:3453
reference_id	RHSA-2020:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3453

reference_url	https://access.redhat.com/errata/RHSA-2020:3541
reference_id	RHSA-2020:3541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3541

reference_url	https://access.redhat.com/errata/RHSA-2020:3625
reference_id	RHSA-2020:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3625

reference_url	https://access.redhat.com/errata/RHSA-2020:4265
reference_id	RHSA-2020:4265
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4265

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/matrix-project@1.17
purl	pkg:maven/org.jenkins-ci.plugins/matrix-project@1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/matrix-project@1.17

aliases CVE-2020-2225, GHSA-w43x-5f8f-686p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-js1p-kbgy-6be8

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/matrix-project@1.16

Package Instance