CVE-2020-2217

Summary

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Compatibility Action Storage Pluginunspecified <= 1.0affected
Jenkins projectJenkins Compatibility Action Storage Pluginnext of 1.0 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References