CVE-2020-2317

Summary

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins FindBugs Pluginunspecified <= 5.0.0affected
Jenkins projectJenkins FindBugs Pluginnext of 5.0.0 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References