vulnerability

Red Hat OpenShift: CVE-2020-2231: jenkins: stored XSS vulnerability in 'trigger builds remotely'

Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Aug 12, 2020
Added
Dec 29, 2020
Modified
Apr 11, 2025

Description

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.

Solution

linuxrpm-upgrade-jenkins
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.