VYPR
Medium severity5.4NVD Advisory· Published Feb 12, 2020· Updated Jun 17, 2026

CVE-2020-2122

CVE-2020-2122

Description

Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:brakemanMaven
< 0.130.13

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

1