Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
2020-07-15T18:15:37.003
2024-11-21T05:24:59.933
Modified
CVSSv3.1: 5.4 (MEDIUM)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | jenkins | jenkins | ≤ 2.235.1 | Yes |
| Application | jenkins | jenkins | ≤ 2.244 | Yes |