VYPR
High severityNVD Advisory· Published Aug 12, 2020· Updated Aug 4, 2024

CVE-2020-2230

CVE-2020-2230

Description

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
< 2.235.42.235.4
org.jenkins-ci.main:jenkins-coreMaven
>= 2.236, < 2.2522.252

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

1