{"containers": {"cna": {"affected": [{"product": "Jenkins", "vendor": "Jenkins project", "versions": [{"lessThanOrEqual": "2.227", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "LTS 2.204.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:06:08.702Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1796"}, {"name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2020-2163", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.227"}, {"version_affected": "<=", "version_value": "LTS 2.204.5"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1796", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1796"}, {"name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:01:40.841Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1796"}, {"name": "[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2020-2163", "datePublished": "2020-03-25T16:05:35", "dateReserved": "2019-12-05T00:00:00", "dateUpdated": "2024-08-04T07:01:40.841Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "CFE13DC6-8F0E-458C-AD96-32E8F057CA18", "versionEndIncluding": "2.204.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "861CC050-ED58-468C-BC49-76C840E22E3D", "versionEndIncluding": "2.227", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers."}, {"lang": "es", "value": "Jenkins versiones 2.227 y anteriores, LTS versiones 2.204.5 y anteriores, procesan inapropiadamente el contenido HTML de los encabezados de columna de visualizaci\u00f3n de lista, resultando en una vulnerabilidad de tipo XSS almacenado explotable por usuarios capaces de controlar encabezados de columna."}], "id": "CVE-2020-2163", "lastModified": "2024-11-21T05:24:50.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-25T17:15:15.203", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/03/25/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1796"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2020:2477", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-0:2.222.1.1591351669-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "atomic-enterprise-service-catalog-1:4.3.25-202006081518.git.1.52b3a66.el7", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "atomic-openshift-service-idler-0:4.3.25-202006081518.git.1.79365c5.el7", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "conmon-2:2.0.17-1.rhaos4.3.el7", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "cri-o-0:1.16.6-15.dev.rhaos4.3.gitebc053b.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "jenkins-0:2.222.1.1591349991-1.el7", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "machine-config-daemon-0:4.3.25-202006081518.git.1.478b31a.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-0:4.3.25-202006060952.git.1.96c30f6.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-ansible-0:4.3.25-202006060952.git.1.1253fde.el7", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-clients-0:4.3.25-202006060952.git.1.fd93102.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-kuryr-0:4.3.25-202006081518.git.1.240b401.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2435", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "s390utils-2:2.6.0-23.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "atomic-enterprise-service-catalog-1:4.4.0-202006080017.git.1.77a5cc9.el7", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "atomic-openshift-service-idler-0:4.4.0-202006080017.git.1.7e463c3.el7", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "conmon-2:2.0.17-1.rhaos4.4.el8", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "cri-o-0:1.17.4-14.dev.rhaos4.4.gitb93af5d.el8", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "jenkins-0:2.222.1.1591351066-1.el7", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "machine-config-daemon-0:4.4.0-202006080017.git.1.32e0736.el8", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift-0:4.4.0-202006061254.git.1.dc84fb4.el8", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift-ansible-0:4.4.0-202006061254.git.1.a996454.el7", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift-clients-0:4.4.0-202006061254.git.1.26cb6dc.el7", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHBA-2020:2444", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift-kuryr-0:4.4.0-202006080017.git.1.855ef1d.el8", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}], "bugzilla": {"description": "jenkins: improperly processes HTML content of list leads to XSS", "id": "1819222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819222"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers."], "name": "CVE-2020-2163", "public_date": "2020-03-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-2163\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2163\nhttps://jenkins.io/security/advisory/2020-03-25/#SECURITY-1796"], "threat_severity": "Moderate", "upstream_fix": "jenkins LTS 2.204.6, jenkins LTS 2.222.1, jenkins 2.228"}