VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.236

Search for packages

Vulnerability	Summary	Fixed by
VCID-cgen-qcyh-yqbu Aliases: CVE-2020-2230 GHSA-9g4m-ffx6-c29g	Jenkins Cross-site Scripting vulnerability in project naming strategy Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, that is displayed on item creation.\n\nThis results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.\n\nJenkins 2.252, LTS 2.235.4 escapes the project naming strategy description.	2.252 Affected by 0 other vulnerabilities.
VCID-fy5p-8vcs-zkha Aliases: CVE-2020-2229 GHSA-hvmc-7g2x-r3p9	Jenkins Cross-Site Scripting vulnerability in help icons Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting (XSS) vulnerability. Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.	2.252 Affected by 0 other vulnerabilities.
VCID-he3v-ysf3-zkb8 Aliases: CVE-2020-2223 GHSA-gfhj-524q-gcrm	Stored XSS vulnerability in Jenkins console links Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the `href` attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2 escapes the `href` attribute of these links.	2.245 Affected by 0 other vulnerabilities.
VCID-kusb-1k76-a3ck Aliases: CVE-2020-2220 GHSA-qgj4-rc8m-44mq	Stored XSS vulnerability in Jenkins job build time trend Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name.	2.245 Affected by 0 other vulnerabilities.
VCID-nqxw-x7ea-aqew Aliases: CVE-2020-2221 GHSA-g4j6-m3m3-crw8	Stored XSS vulnerability in Jenkins upstream cause Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the job display name.	2.245 Affected by 0 other vulnerabilities.
VCID-v5aw-ffxe-ckdv Aliases: CVE-2020-2222 GHSA-864v-5q2g-fr64	Stored XSS vulnerability in Jenkins 'keep forever' badge icon Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names. As job names do not generally support the character set needed for XSS, this is believed to be difficult to exploit in common configurations. Jenkins 2.245, LTS 2.235.2 escapes the job name in the 'Keep this build forever' badge tooltip.	2.245 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-cgen-qcyh-yqbu
Aliases:
CVE-2020-2230
GHSA-9g4m-ffx6-c29g

Jenkins Cross-site Scripting vulnerability in project naming strategy Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, that is displayed on item creation.\n\nThis results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.\n\nJenkins 2.252, LTS 2.235.4 escapes the project naming strategy description.

2.252
Affected by 0 other vulnerabilities.

VCID-fy5p-8vcs-zkha
Aliases:
CVE-2020-2229
GHSA-hvmc-7g2x-r3p9

Jenkins Cross-Site Scripting vulnerability in help icons Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting (XSS) vulnerability. Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons.

2.252
Affected by 0 other vulnerabilities.

VCID-he3v-ysf3-zkb8
Aliases:
CVE-2020-2223
GHSA-gfhj-524q-gcrm

Stored XSS vulnerability in Jenkins console links Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the `href` attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2 escapes the `href` attribute of these links.

2.245
Affected by 0 other vulnerabilities.

VCID-kusb-1k76-a3ck
Aliases:
CVE-2020-2220
GHSA-qgj4-rc8m-44mq

Stored XSS vulnerability in Jenkins job build time trend Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name.

2.245
Affected by 0 other vulnerabilities.

VCID-nqxw-x7ea-aqew
Aliases:
CVE-2020-2221
GHSA-g4j6-m3m3-crw8

Stored XSS vulnerability in Jenkins upstream cause Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the job display name.

2.245
Affected by 0 other vulnerabilities.

VCID-v5aw-ffxe-ckdv
Aliases:
CVE-2020-2222
GHSA-864v-5q2g-fr64

Stored XSS vulnerability in Jenkins 'keep forever' badge icon Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names. As job names do not generally support the character set needed for XSS, this is believed to be difficult to exploit in common configurations. Jenkins 2.245, LTS 2.235.2 escapes the job name in the 'Keep this build forever' badge tooltip.

2.245
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:32:42.006552+00:00	GHSA Importer	Affected by	VCID-cgen-qcyh-yqbu	https://github.com/advisories/GHSA-9g4m-ffx6-c29g	38.1.0
2026-04-04T14:32:41.911340+00:00	GHSA Importer	Affected by	VCID-fy5p-8vcs-zkha	https://github.com/advisories/GHSA-hvmc-7g2x-r3p9	38.1.0
2026-04-04T14:32:40.461752+00:00	GHSA Importer	Affected by	VCID-v5aw-ffxe-ckdv	https://github.com/advisories/GHSA-864v-5q2g-fr64	38.1.0
2026-04-04T14:32:40.428983+00:00	GHSA Importer	Affected by	VCID-nqxw-x7ea-aqew	https://github.com/advisories/GHSA-g4j6-m3m3-crw8	38.1.0
2026-04-04T14:32:40.338263+00:00	GHSA Importer	Affected by	VCID-kusb-1k76-a3ck	https://github.com/advisories/GHSA-qgj4-rc8m-44mq	38.1.0
2026-04-04T14:32:40.241265+00:00	GHSA Importer	Affected by	VCID-he3v-ysf3-zkb8	https://github.com/advisories/GHSA-gfhj-524q-gcrm	38.1.0