VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.245

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-he3v-ysf3-zkb8	Stored XSS vulnerability in Jenkins console links Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the `href` attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2 escapes the `href` attribute of these links.	CVE-2020-2223 GHSA-gfhj-524q-gcrm
VCID-kusb-1k76-a3ck	Stored XSS vulnerability in Jenkins job build time trend Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name.	CVE-2020-2220 GHSA-qgj4-rc8m-44mq
VCID-nqxw-x7ea-aqew	Stored XSS vulnerability in Jenkins upstream cause Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the job display name.	CVE-2020-2221 GHSA-g4j6-m3m3-crw8
VCID-v5aw-ffxe-ckdv	Stored XSS vulnerability in Jenkins 'keep forever' badge icon Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names. As job names do not generally support the character set needed for XSS, this is believed to be difficult to exploit in common configurations. Jenkins 2.245, LTS 2.235.2 escapes the job name in the 'Keep this build forever' badge tooltip.	CVE-2020-2222 GHSA-864v-5q2g-fr64

Vulnerability

Summary

Aliases

VCID-he3v-ysf3-zkb8

Stored XSS vulnerability in Jenkins console links Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the `href` attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2 escapes the `href` attribute of these links.

CVE-2020-2223
GHSA-gfhj-524q-gcrm

VCID-kusb-1k76-a3ck

Stored XSS vulnerability in Jenkins job build time trend Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name.

CVE-2020-2220
GHSA-qgj4-rc8m-44mq

VCID-nqxw-x7ea-aqew

Stored XSS vulnerability in Jenkins upstream cause Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the job display name.

CVE-2020-2221
GHSA-g4j6-m3m3-crw8

VCID-v5aw-ffxe-ckdv

Stored XSS vulnerability in Jenkins 'keep forever' badge icon Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names. As job names do not generally support the character set needed for XSS, this is believed to be difficult to exploit in common configurations. Jenkins 2.245, LTS 2.235.2 escapes the job name in the 'Keep this build forever' badge tooltip.

CVE-2020-2222
GHSA-864v-5q2g-fr64

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:32:40.468622+00:00	GHSA Importer	Fixing	VCID-v5aw-ffxe-ckdv	https://github.com/advisories/GHSA-864v-5q2g-fr64	38.1.0
2026-04-04T14:32:40.435977+00:00	GHSA Importer	Fixing	VCID-nqxw-x7ea-aqew	https://github.com/advisories/GHSA-g4j6-m3m3-crw8	38.1.0
2026-04-04T14:32:40.345409+00:00	GHSA Importer	Fixing	VCID-kusb-1k76-a3ck	https://github.com/advisories/GHSA-qgj4-rc8m-44mq	38.1.0
2026-04-04T14:32:40.248242+00:00	GHSA Importer	Fixing	VCID-he3v-ysf3-zkb8	https://github.com/advisories/GHSA-gfhj-524q-gcrm	38.1.0
2026-04-02T12:36:56.024574+00:00	GitLab Importer	Fixing	VCID-nqxw-x7ea-aqew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2020-2221.yml	38.0.0
2026-04-02T12:36:55.898231+00:00	GitLab Importer	Fixing	VCID-kusb-1k76-a3ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2020-2220.yml	38.0.0
2026-04-02T12:36:55.438643+00:00	GitLab Importer	Fixing	VCID-v5aw-ffxe-ckdv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2020-2222.yml	38.0.0
2026-04-02T12:36:55.385667+00:00	GitLab Importer	Fixing	VCID-he3v-ysf3-zkb8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2020-2223.yml	38.0.0
2026-04-01T13:11:01.018033+00:00	GithubOSV Importer	Fixing	VCID-nqxw-x7ea-aqew	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g4j6-m3m3-crw8/GHSA-g4j6-m3m3-crw8.json	38.0.0
2026-04-01T13:09:51.340170+00:00	GithubOSV Importer	Fixing	VCID-he3v-ysf3-zkb8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gfhj-524q-gcrm/GHSA-gfhj-524q-gcrm.json	38.0.0
2026-04-01T13:08:32.250333+00:00	GithubOSV Importer	Fixing	VCID-kusb-1k76-a3ck	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qgj4-rc8m-44mq/GHSA-qgj4-rc8m-44mq.json	38.0.0
2026-04-01T13:08:18.045274+00:00	GithubOSV Importer	Fixing	VCID-v5aw-ffxe-ckdv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-864v-5q2g-fr64/GHSA-864v-5q2g-fr64.json	38.0.0