CVE-2020-2225 (Medium) detected in matrix-project-1.7.1.jar #94
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
mend-for-github-com
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2020-2225 - Medium Severity Vulnerability
Multi-configuration (matrix) project type.
Library home page: https://wiki.jenkins-ci.org/display/JENKINS/Matrix+Project+Plugin
Path to dependency file: influxdb-plugin/pom.xml
Path to vulnerable library: /root/.m2/repository/org/jenkins-ci/plugins/matrix-project/1.7.1/matrix-project-1.7.1.jar
Dependency Hierarchy:
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
Publish Date: 2020-07-15
URL: CVE-2020-2225
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2020-07-15/
Release Date: 2020-07-15
Fix Resolution: org.jenkins-ci.plugins:matrix-project:1.17
The text was updated successfully, but these errors were encountered: