GHSA-w43x-5f8f-686p

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w43x-5f8f-686p/GHSA-w43x-5f8f-686p.json
Aliases
  • CVE-2020-2225
Published
2022-05-24T17:23:39Z
Modified
2022-06-24T01:25:48.465651Z
Details

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.

References

Affected packages

Maven / org.jenkins-ci.plugins:matrix-project

org.jenkins-ci.plugins:matrix-project

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
1.17

Affected versions

1.*

1.0
1.0-beta-1
1.1
1.10
1.11
1.12
1.13
1.14
1.14.1
1.15
1.16
1.2
1.2.1
1.3
1.4
1.4.1
1.5
1.6
1.7
1.7.1
1.8
1.9

Database specific

{
    "last_known_affected_version_range": "<= 1.16"
}