CVE-2020-2106 is a vulnerability in Jenkins Code Coverage Api
Published on January 29, 2020

Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.

NVD

Products Associated with CVE-2020-2106

Want to know whenever a new CVE is published for Jenkins Code Coverage Api? stack.watch will email you.

Jenkins Code Coverage Api

Affected Versions

Jenkins project Jenkins Code Coverage API Plugin:

Version unspecified, <= 1.1.2 is affected.

Exploit Probability

EPSS

0.23%

Percentile

45.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-2106 is a vulnerability in Jenkins Code Coverage ApiPublished on January 29, 2020

Products Associated with CVE-2020-2106

Affected Versions

Exploit Probability

CVE-2020-2106 is a vulnerability in Jenkins Code Coverage Api
Published on January 29, 2020