ghsa-x3pr-fcgm-wjgc
Vulnerability from github
Published
2022-05-24 17:08
Modified
2023-12-06 14:31
Severity
Summary
Subversion Plugin stored XSS vulnerability
Details
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Subversion Plugin 2.13.1 escapes the affected part of the error message.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.plugins:subversion" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.13.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-2111" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2022-07-27T20:55:20Z", "nvd_published_at": "2020-02-12T15:15:00Z", "severity": "MODERATE" }, "details": "Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Subversion Plugin 2.13.1 escapes the affected part of the error message.", "id": "GHSA-x3pr-fcgm-wjgc", "modified": "2023-12-06T14:31:03Z", "published": "2022-05-24T17:08:46Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2111" }, { "type": "WEB", "url": "https://github.com/jenkinsci/subversion-plugin/commit/545ca52f6de9af7541621bbea716ead449cd2b98" }, { "type": "PACKAGE", "url": "https://github.com/jenkinsci/subversion-plugin" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1725" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2020/02/12/3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ], "summary": "Subversion Plugin stored XSS vulnerability" }
Loading...