Medium severity · 5.4 · NVD Advisory · Published Feb 12, 2020 · Updated Jun 17, 2026
CVE-2020-2122
Description
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:brakeman (Maven) | < 0.13 | 0.13 |
Affected products (2)
- Range: unspecified
References (4)
- www.openwall.com/lists/oss-security/2020/02/12/3 (nvd; Mailing List, Third Party Advisory; WEB)
- github.com/advisories/GHSA-7q9r-vhg2-789w (ghsa; ADVISORY)
- jenkins.io/security/advisory/2020-02-12/ (nvd; Vendor Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2020-2122 (ghsa; ADVISORY)
News mentions (1)
- Jenkins Security Advisory 2020-02-12 (Jenkins Security Advisories · Feb 12, 2020)