CVE-2020-2246

Summary

Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Valgrind Pluginunspecified <= 0.28affected
Jenkins projectJenkins Valgrind Pluginnext of 0.28 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References