CVE-2020-2205

Summary

Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the checkVncServ form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins VncRecorder Pluginunspecified <= 1.25affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References