GHSA-6c7r-6p5m-cp82

Source

https://github.com/advisories/GHSA-6c7r-6p5m-cp82

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6c7r-6p5m-cp82/GHSA-6c7r-6p5m-cp82.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6c7r-6p5m-cp82

Aliases

CVE-2020-2136

Published

2022-05-24T17:10:27Z

Modified

2024-02-16T08:04:37.441942Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin

Details

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.

Database specific

{
    "nvd_published_at": "2020-03-09T16:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-24T00:59:06Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:git

Package

Name: org.jenkins-ci.plugins:git; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/git

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.1

Affected versions

1.*

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0-beta-1

2.*

2.0-beta-2

2.0-beta-3

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.1.0

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.2.12

2.3-beta-1

2.3-beta-2

2.3-beta-3

2.3-beta-4

2.3

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.5.0-beta1

2.5.0-beta2

2.5.0-beta3

2.5.0-beta4

2.5.0-beta5

2.5.0

2.5.1

2.5.2

2.5.3

2.6.0

2.6.1

2.6.2-beta-1

2.6.2-beta-2

2.6.2

2.6.4

2.6.5

3.*

3.0.0-beta1

3.0.0-beta2

3.0.0

3.0.1

3.0.2-beta-1

3.0.2-beta-2

3.0.2

3.0.3

3.0.4

3.0.5

3.1.0

3.2.0

3.3.0

3.3.1

3.3.2

3.4.0-alpha-1

3.4.0-alpha-4

3.4.0-beta-1

3.4.0-beta-2

3.4.0

3.4.1

3.5.0

3.5.1

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.7.0

3.8.0

3.9.0

3.9.1

3.9.2

3.9.3

3.9.4

3.10.0-beta-1

3.10.0

3.10.0.1

3.10.1

3.11.0

3.12.0

3.12.1

3.12.2

4.*

4.0.0-beta1

4.0.0-beta2

4.0.0-beta3

4.0.0-beta4

4.0.0-beta7

4.0.0-beta8

4.0.0-beta9

4.0.0-beta10

4.0.0-beta11

4.0.0-beta12

4.0.0-rc

4.0.0

4.0.1

4.1.0-beta

4.1.0

4.1.1

4.2.0

Database specific

{
    "last_known_affected_version_range": "<= 4.2.0"
}