What is CVE-2020-2230?

CVE-2020-2230 is a vulnerability in Jenkins Project. Published 2020-08-12.

Is CVE-2020-2230 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project

CVE-2020-2230

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.

EPSS: 0.831 (99.6th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project — versions unspecified

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-2230

References

jenkins.io/security/advisory/2020-08-12/ (x_refsource_CONFIRM)
[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins (mailing-list, x_refsource_MLIST)
packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-2230?: CVE-2020-2230 is a vulnerability in Jenkins Project. Published 2020-08-12.
Is CVE-2020-2230 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.