{"id":"GHSA-fgxc-mxvw-55mv","summary":"Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS)","details":"Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.","aliases":["CVE-2020-2113"],"modified":"2024-02-16T07:56:49.942405Z","published":"2022-05-24T17:08:46Z","database_specific":{"github_reviewed":true,"severity":"MODERATE","cwe_ids":["CWE-79"],"nvd_published_at":"2020-02-12T15:15:00Z","github_reviewed_at":"2023-01-06T17:06:01Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2113"},{"type":"WEB","url":"https://github.com/jenkinsci/git-parameter-plugin/commit/6fd933c5b1af4ec5dc27edfe2c74931dbff69012"},{"type":"PACKAGE","url":"https://github.com/jenkinsci/git-parameter-plugin"},{"type":"WEB","url":"https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2020/02/12/3"}],"affected":[{"package":{"name":"org.jenkins-ci.tools:git-parameter","ecosystem":"Maven","purl":"pkg:maven/org.jenkins-ci.tools/git-parameter"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.12"}]}],"versions":["0.4.0","0.5.0","0.5.1","0.6.0","0.6.1","0.6.2","0.7.0","0.7.1","0.7.2","0.8.0","0.8.1","0.9.0","0.9.1","0.9.10","0.9.11","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9"],"database_specific":{"last_known_affected_version_range":"\u003c= 0.9.11","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fgxc-mxvw-55mv/GHSA-fgxc-mxvw-55mv.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}