Vulnerability in Jenkins Project Audit Trail Plugin
CVE-2020-2140
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
EPSS: 0.760 (99.5th percentile) — read the EPSS interpretation.
Affected products
- Jenkins Project Audit Trail Plugin — versions unspecified
Public proof-of-concept exploits
References
- jenkins.io/security/advisory/2020-03-09/ (x_refsource_CONFIRM)
- [oss-security] 20200309 Multiple vulnerabilities in Jenkins plugins (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2020-2140?
- CVE-2020-2140 is a vulnerability in Jenkins Project Audit Trail Plugin. Published 2020-03-09.
- Is CVE-2020-2140 known to be exploited?
- 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.