CVE-2020-2161

Summary

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkinsunspecified <= 2.227affected
Jenkins projectJenkinsunspecified <= LTS 2.204.5affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References