CVE-2020-2316

Summary

Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Static Analysis Utilities Pluginunspecified <= 1.96affected
Jenkins projectJenkins Static Analysis Utilities Pluginnext of 1.96 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References