{"id":"CVE-2020-2316","details":"Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.","aliases":["GHSA-fg6g-52rg-vr9q"],"modified":"2026-04-10T04:24:46.808857Z","published":"2020-11-04T15:15:12.413Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1907"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/analysis-core-plugin","events":[{"introduced":"0"},{"last_affected":"6ed469a85ecf13e7f4239eafd12362e0fe18efad"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.96"}]}}],"versions":["analysis-core-1.17","analysis-core-1.18","analysis-core-1.19","analysis-core-1.20","analysis-core-1.21","analysis-core-1.22","analysis-core-1.23","analysis-core-1.24","analysis-core-1.25","analysis-core-1.26","analysis-core-1.27","analysis-core-1.28","analysis-core-1.29","analysis-core-1.30","analysis-core-1.32","analysis-core-1.33","analysis-core-1.34","analysis-core-1.35","analysis-core-1.36","analysis-core-1.37","analysis-core-1.38","analysis-core-1.39","analysis-core-1.40","analysis-core-1.41","analysis-core-1.42","analysis-core-1.43","analysis-core-1.44","analysis-core-1.45","analysis-core-1.46","analysis-core-1.47","analysis-core-1.48","analysis-core-1.49","analysis-core-1.50","analysis-core-1.51","analysis-core-1.52","analysis-core-1.53","analysis-core-1.54","analysis-core-1.55","analysis-core-1.56","analysis-core-1.57","analysis-core-1.58","analysis-core-1.59","analysis-core-1.60","analysis-core-1.61","analysis-core-1.62","analysis-core-1.63","analysis-core-1.64","analysis-core-1.65","analysis-core-1.66","analysis-core-1.67","analysis-core-1.68","analysis-core-1.69","analysis-core-1.70","analysis-core-1.71","analysis-core-1.72","analysis-core-1.73","analysis-core-1.74","analysis-core-1.75","analysis-core-1.76","analysis-core-1.77","analysis-core-1.78","analysis-core-1.79","analysis-core-1.80","analysis-core-1.81","analysis-core-1.82","analysis-core-1.83","analysis-core-1.84","analysis-core-1.86","analysis-core-1.87","analysis-core-1.88","analysis-core-1.89","analysis-core-1.90","analysis-core-1.91","analysis-core-1.92","analysis-core-1.93","analysis-core-1.94","analysis-core-1.95","analysis-core-1.96"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2316.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}