{"id":"CVE-2020-2244","details":"Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.","aliases":["GHSA-p5jh-8rxp-wqjj"],"modified":"2026-04-10T04:24:37.784200Z","published":"2020-09-01T14:15:12.987Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/09/01/3"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1770"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/build-failure-analyzer-plugin","events":[{"introduced":"0"},{"last_affected":"dc535d11245d7e9da5fcb8a3c0dc2abab0aac914"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.27.0"}]}}],"versions":["build-failure-analyzer-1.10.0","build-failure-analyzer-1.10.0-2","build-failure-analyzer-1.10.1","build-failure-analyzer-1.10.2","build-failure-analyzer-1.10.3","build-failure-analyzer-1.11.0","build-failure-analyzer-1.12.0","build-failure-analyzer-1.12.1","build-failure-analyzer-1.13.0","build-failure-analyzer-1.13.1","build-failure-analyzer-1.13.2","build-failure-analyzer-1.13.3","build-failure-analyzer-1.13.4","build-failure-analyzer-1.13.5","build-failure-analyzer-1.14.0","build-failure-analyzer-1.15.0","build-failure-analyzer-1.16.0","build-failure-analyzer-1.17.0","build-failure-analyzer-1.17.0-r2","build-failure-analyzer-1.17.1","build-failure-analyzer-1.17.2","build-failure-analyzer-1.18.0","build-failure-analyzer-1.18.1","build-failure-analyzer-1.19.0","build-failure-analyzer-1.19.1","build-failure-analyzer-1.19.1-t4","build-failure-analyzer-1.19.2","build-failure-analyzer-1.19.2-t2","build-failure-analyzer-1.20.0","build-failure-analyzer-1.21.0","build-failure-analyzer-1.22.0","build-failure-analyzer-1.23.0","build-failure-analyzer-1.23.0-beta-1","build-failure-analyzer-1.23.1","build-failure-analyzer-1.23.2","build-failure-analyzer-1.24.0","build-failure-analyzer-1.24.1","build-failure-analyzer-1.24.2","build-failure-analyzer-1.25.0","build-failure-analyzer-1.25.1","build-failure-analyzer-1.26.0","build-failure-analyzer-1.27.0","build-failure-analyzer-1.4.0","build-failure-analyzer-1.4.1","build-failure-analyzer-1.5.0","build-failure-analyzer-1.5.1","build-failure-analyzer-1.6.0","build-failure-analyzer-1.7.0","build-failure-analyzer-1.8.0","build-failure-analyzer-1.8.1","build-failure-analyzer-1.9.0","build-failure-analyzer-1.9.1","build-failure-analyzer-2.27.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2244.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}