CVE-2020-2173

Summary

Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Gatling Pluginunspecified <= 1.2.7affected
Jenkins projectJenkins Gatling Plugin1.2.2 < unspecifiedaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References