VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-v5aw-ffxe-ckdv

Essentials
Severities (27)
References (12)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-v5aw-ffxe-ckdv
Aliases	CVE-2020-2222 GHSA-864v-5q2g-fr64
Summary	Stored XSS vulnerability in Jenkins 'keep forever' badge icon Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names. As job names do not generally support the character set needed for XSS, this is believed to be difficult to exploit in common configurations. Jenkins 2.245, LTS 2.235.2 escapes the job name in the 'Keep this build forever' badge tooltip.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	8.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2222.json
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
epss	0.00519	https://api.first.org/data/v1/epss?cve=CVE-2020-2222
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-864v-5q2g-fr64
cvssv3.1	8.0	https://github.com/jenkinsci/jenkins
generic_textual	HIGH	https://github.com/jenkinsci/jenkins
cvssv3.1	8.0	https://github.com/jenkinsci/jenkins/commit/e7443ef2ef255253231f3f1db0034fae39f0cba5
generic_textual	HIGH	https://github.com/jenkinsci/jenkins/commit/e7443ef2ef255253231f3f1db0034fae39f0cba5
cvssv3.1	8.0	https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902
generic_textual	HIGH	https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902
cvssv3.1	8.0	https://nvd.nist.gov/vuln/detail/CVE-2020-2222
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2020-2222
cvssv3.1	8.0	http://www.openwall.com/lists/oss-security/2020/07/15/5
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2020/07/15/5

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2222.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-2222
		https://github.com/jenkinsci/jenkins
		https://github.com/jenkinsci/jenkins/commit/e7443ef2ef255253231f3f1db0034fae39f0cba5
		https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902
		https://nvd.nist.gov/vuln/detail/CVE-2020-2222
		http://www.openwall.com/lists/oss-security/2020/07/15/5
1857431		https://bugzilla.redhat.com/show_bug.cgi?id=1857431
GHSA-864v-5q2g-fr64		https://github.com/advisories/GHSA-864v-5q2g-fr64
RHSA-2020:3519		https://access.redhat.com/errata/RHSA-2020:3519
RHSA-2020:3541		https://access.redhat.com/errata/RHSA-2020:3541
RHSA-2020:3808		https://access.redhat.com/errata/RHSA-2020:3808

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2222.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/jenkinsci/jenkins

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/jenkinsci/jenkins/commit/e7443ef2ef255253231f3f1db0034fae39f0cba5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-2222

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2020/07/15/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.66731
EPSS Score	0.00519
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:08:18.008087+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-864v-5q2g-fr64/GHSA-864v-5q2g-fr64.json	38.0.0