GHSA-6c7r-6p5m-cp82

Source

https://github.com/advisories/GHSA-6c7r-6p5m-cp82

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6c7r-6p5m-cp82/GHSA-6c7r-6p5m-cp82.json

Aliases

CVE-2020-2136

Published

2022-05-24T17:10:27Z

Modified

2024-02-16T08:04:37.441942Z

Details

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.

References

Affected packages

Maven / org.jenkins-ci.plugins:git

Package

Name: org.jenkins-ci.plugins:git

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

4.2.1

Affected versions

1.*

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0-beta-1

2.*

2.0-beta-2

2.0-beta-3

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.1.0

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.2.12

2.3-beta-1

2.3-beta-2

2.3-beta-3

2.3-beta-4

2.3

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.5.0-beta1

2.5.0-beta2

2.5.0-beta3

2.5.0-beta4

2.5.0-beta5

2.5.0

2.5.1

2.5.2

2.5.3

2.6.0

2.6.1

2.6.2-beta-1

2.6.2-beta-2

2.6.2

2.6.4

2.6.5

3.*

3.0.0-beta1

3.0.0-beta2

3.0.0

3.0.1

3.0.2-beta-1

3.0.2-beta-2

3.0.2

3.0.3

3.0.4

3.0.5

3.1.0

3.2.0

3.3.0

3.3.1

3.3.2

3.4.0-alpha-1

3.4.0-alpha-4

3.4.0-beta-1

3.4.0-beta-2

3.4.0

3.4.1

3.5.0

3.5.1

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.7.0

3.8.0

3.9.0

3.9.1

3.9.2

3.9.3

3.9.4

3.10.0-beta-1

3.10.0

3.10.0.1

3.10.1

3.11.0

3.12.0

3.12.1

3.12.2

4.*

4.0.0-beta1

4.0.0-beta2

4.0.0-beta3

4.0.0-beta4

4.0.0-beta7

4.0.0-beta8

4.0.0-beta9

4.0.0-beta10

4.0.0-beta11

4.0.0-beta12

4.0.0-rc

4.0.0

4.0.1

4.1.0-beta

4.1.0

4.1.1

4.2.0

Database specific

{
    "last_known_affected_version_range": "<= 4.2.0"
}