CVE-2020-2270

Summary

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins ClearCase Release Pluginunspecified <= 0.3affected
Jenkins projectJenkins ClearCase Release Pluginnext of 0.3 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References