| purl | pkg:maven/org.jenkins-ci.main/jenkins-core@2.251 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-cgen-qcyh-yqbu Aliases: CVE-2020-2230 GHSA-9g4m-ffx6-c29g | Jenkins Cross-site Scripting vulnerability in project naming strategy. Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, that is displayed on item creation. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. Jenkins 2.252, LTS 2.235.4 escapes the project naming strategy description. | Affected by 0 other vulnerabilities. |
| VCID-fy5p-8vcs-zkha Aliases: CVE-2020-2229 GHSA-hvmc-7g2x-r3p9 | Jenkins Cross-Site Scripting vulnerability in help icons. Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting (XSS) vulnerability. Jenkins 2.252, LTS 2.235.4 escapes the tooltip content of help icons. | Affected by 0 other vulnerabilities. |
| VCID-re1r-xjv4-sqd3 Aliases: CVE-2020-2231 GHSA-jpvq-v729-7j2h | Improper Neutralization of Input During Web Page Generation in Jenkins. Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |