Back to search
CVE-2020-2176
Published: Apr 7, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service.
| Vendor | Product | Versions |
|---|---|---|
Jenkins project | Jenkins useMango Runner Plugin | affected unspecified - <= 1.4 |
References
https://jenkins.io/security/advisory/2020-04-07/#SECURITY-1780
x_refsource_CONFIRM
[oss-security] 20200407 Multiple vulnerabilities in Jenkins plugins
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now