Vulnerability-Lookup

GHSA-GFHJ-524Q-GCRM

Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-12-27 22:58

Summary

Stored XSS vulnerability in Jenkins console links

Details

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.

Jenkins 2.245, LTS 2.235.2 escapes the href attribute of these links.

Severity

8.0 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.235.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.235.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.244"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.236"
            },
            {
              "fixed": "2.245"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-24T00:54:18Z",
    "nvd_published_at": "2020-07-15T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the `href` attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.\n\nJenkins 2.245, LTS 2.235.2 escapes the `href` attribute of these links.",
  "id": "GHSA-gfhj-524q-gcrm",
  "modified": "2022-12-27T22:58:48Z",
  "published": "2022-05-24T17:23:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2223"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/jenkins/commit/11f4a351224ef04cfeb9c7636fb1590b67543f3c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/jenkins"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Stored XSS vulnerability in Jenkins console links"
}

CVE-2020-2223 (GCVE-0-2020-2223)

Vulnerability from cvelistv5 – Published: 2020-07-15 17:00 – Updated: 2024-08-04 07:01

Summary

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.

Severity

No CVSS data available.

Assigner

jenkins

References

2 references

URL	Tags
https://jenkins.io/security/advisory/2020-07-15/#…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/07/15/5	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
Jenkins project	Jenkins	Affected: unspecified , ≤ 2.244 (custom) Affected: unspecified , ≤ LTS 2.235.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:01:41.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945"
          },
          {
            "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "2.244",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "LTS 2.235.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the \u0027href\u0027 attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T16:07:19.070Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945"
        },
        {
          "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2020-2223",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.244"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "LTS 2.235.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the \u0027href\u0027 attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945"
            },
            {
              "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2020-2223",
    "datePublished": "2020-07-15T17:00:27.000Z",
    "dateReserved": "2019-12-05T00:00:00.000Z",
    "dateUpdated": "2024-08-04T07:01:41.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-GFHJ-524Q-GCRM

CVE-2020-2223 (GCVE-0-2020-2223)

Tags

Sightings

Nomenclature