VYPR
Moderate severity · NVD Advisory · Published Jun 3, 2020 · Updated Aug 4, 2024

CVE-2020-2199

Description

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier has a reflected XSS vulnerability due to unescaped error messages in repository URL validation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Summary

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting (XSS) vulnerability [1][2].

Details

The flaw is a missing output encoding, not a missing input check. When the repository URL field's form validation rejects a value, the resulting error message embeds the submitted string without HTML-escaping it. Because Jenkins form validation is served by an HTTP endpoint that takes the field value as a request parameter, an attacker can put markup or script in that parameter and have it reflected into the response. A user who opens such a request in a browser holding a session on the Jenkins instance executes the injected script in the context of the Jenkins UI [1][2].
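The bug class, as an added example that is not the plugin's own code. A Jenkins build step with a Descriptor carrying two form-validation methods for a repository URL field: one that reflects the submitted value unescaped, which is the assumed way this bug arises (via FormValidation.errorWithMarkup), and one that escapes it. Class, method and field names are illustrative assumptions; the `value` query parameter name is the Jenkins form-validation convention.

```java
// Added example, not code from the Subversion Partial Release Manager Plugin.
// Shows a form-validation method that reflects user input unescaped (the bug
// class behind CVE-2020-2199) next to the escaped version. Names are assumed.
import hudson.Extension;
import hudson.Launcher;
import hudson.Util;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import java.net.URI;
import java.net.URISyntaxException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

public class ReleaseRepositoryBuilder extends Builder {

    private final String repositoryUrl;

    @DataBoundConstructor
    public ReleaseRepositoryBuilder(String repositoryUrl) {
        this.repositoryUrl = repositoryUrl;
    }

    public String getRepositoryUrl() {
        return repositoryUrl;
    }

    @Override
    public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListener listener) {
        listener.getLogger().println("Using repository " + repositoryUrl);
        return true;
    }

    @Extension
    public static class DescriptorImpl extends BuildStepDescriptor<Builder> {

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Release from repository (example)";
        }

        // Shared check: require an absolute URI. A value containing '<', '>',
        // quotes or spaces is not a legal URI and is rejected with a message
        // that quotes the offending input, which is exactly the reflection point.
        private static String validationError(String value) {
            try {
                if (new URI(value).getScheme() == null) {
                    return "Repository URL must be absolute: " + value;
                }
                return null;
            } catch (URISyntaxException e) {
                return "Not a valid repository URL: " + value;
            }
        }

        // VULNERABLE pattern (assumed for illustration). errorWithMarkup renders
        // its argument as raw HTML, so a request like
        //   GET .../checkRepositoryUrlUnsafe?value=<img src=x onerror=alert(1)>
        // returns the <img> tag verbatim and the victim's browser runs the handler.
        public FormValidation doCheckRepositoryUrlUnsafe(@QueryParameter String value) {
            String err = validationError(value);
            return err == null ? FormValidation.ok() : FormValidation.errorWithMarkup(err);
        }

        // FIXED pattern. FormValidation.error(String) HTML-escapes the whole
        // message (it goes through Util.escape), so the value is shown as text.
        public FormValidation doCheckRepositoryUrl(@QueryParameter String value) {
            String err = validationError(value);
            return err == null ? FormValidation.ok() : FormValidation.error(err);
        }

        // Explicit form for messages that need some trusted markup of their own:
        // keep errorWithMarkup but escape the untrusted part before concatenating.
        public FormValidation doCheckRepositoryUrlExplicit(@QueryParameter String value) {
            String err = validationError(value);
            if (err == null) {
                return FormValidation.ok();
            }
            return FormValidation.errorWithMarkup("<b>Invalid value:</b> " + Util.escape(value));
        }
    }
}
```

To audit a plugin for this bug class, search its source for `errorWithMarkup`, `warningWithMarkup` and `okWithMarkup` calls (or hand-built HTML in a `FormValidation`) whose message includes a `@QueryParameter` value; the plain `error`, `warning` and `ok` variants escape their input.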

Exploitation

Exploitation follows the usual reflected XSS pattern: the attacker lures a user into following a crafted link (or submitting a form) that sends the malicious value to the plugin's form validation endpoint. The attacker needs no credentials of their own, because the request is issued by the victim's browser with the victim's session; the victim must be able to reach the instance and, where the endpoint enforces a permission such as Overall/Read, must be logged in [2][3].

Impact

A successful attack runs attacker-chosen JavaScript in the victim's browser with the victim's Jenkins session, which can be used to read page content including CSRF crumbs, issue requests on the victim's behalf (for example triggering or reconfiguring jobs the victim can manage), or capture credentials entered into the UI. The Jenkins advisory lists the plugin as unresolved [3], and no patched release was available as of publication [4].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:svn-partial-release-mgr (Maven)
Affected versions: <= 1.0.1
Patched versions: none

Affected products: 2

Patches: 0 (no patches discovered yet)


References: 4
