{"id":"CVE-2020-2317","details":"Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.","aliases":["GHSA-24g8-35x9-fv8r"],"modified":"2026-04-10T04:24:46.304268Z","published":"2020-11-04T15:15:12.490Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1918"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/findbugs-plugin","events":[{"introduced":"0"},{"last_affected":"62b783cf5a6589f477345ba79e79d5e7408fcb81"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.0.0"}]}}],"versions":["findbugs-4.20","findbugs-4.21","findbugs-4.22","findbugs-4.23","findbugs-4.24","findbugs-4.26","findbugs-4.27","findbugs-4.28","findbugs-4.29","findbugs-4.30","findbugs-4.31","findbugs-4.32","findbugs-4.33","findbugs-4.34","findbugs-4.35","findbugs-4.36","findbugs-4.37","findbugs-4.38","findbugs-4.39","findbugs-4.40","findbugs-4.41","findbugs-4.42","findbugs-4.43","findbugs-4.44","findbugs-4.45","findbugs-4.46","findbugs-4.47","findbugs-4.48","findbugs-4.49","findbugs-4.50","findbugs-4.51","findbugs-4.52","findbugs-4.53","findbugs-4.58","findbugs-4.59","findbugs-4.60","findbugs-4.61","findbugs-4.62","findbugs-4.63","findbugs-4.64","findbugs-4.65","findbugs-4.67","findbugs-4.68","findbugs-4.69","findbugs-4.70","findbugs-4.71","findbugs-4.72","findbugs-4.73-beta","findbugs-5.0.0","findbugs-5.0.0-beta2","findbugs-5.0.0-beta3","library-2.0.0","library-2.0.1","library-2.0.3","library-2.0.8","library-2.1.0","library-3.0.0","library-3.0.2","library-3.0.3","library-3.0.4","library-4.0.0","library-5.0.0","parent-1.0","parent-1.1","parent-1.2","parent-1.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2317.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}