Unrated severityNVD Advisory· Published Mar 25, 2020· Updated Aug 4, 2024
CVE-2020-2161
CVE-2020-2161
Description
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=2.227, LTS <=2.204.5+ 1 more
- (no CPE)range: <=2.227, LTS <=2.204.5
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- www.openwall.com/lists/oss-security/2020/03/25/2mitremailing-listx_refsource_MLIST
- jenkins.io/security/advisory/2020-03-25/mitrex_refsource_CONFIRM
News mentions
1- Jenkins Security Advisory 2020-03-25Jenkins Security Advisories · Mar 25, 2020