Vulnerability Details CVE-2020-2122
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-2122
-
cpe:2.3:a:jenkins:brakeman:0.10
-
cpe:2.3:a:jenkins:brakeman:0.11
-
cpe:2.3:a:jenkins:brakeman:0.12
-
cpe:2.3:a:jenkins:brakeman:0.4
-
cpe:2.3:a:jenkins:brakeman:0.5
-
cpe:2.3:a:jenkins:brakeman:0.6
-
cpe:2.3:a:jenkins:brakeman:0.7
-
cpe:2.3:a:jenkins:brakeman:0.8
-
cpe:2.3:a:jenkins:brakeman:0.9