CVE-2020-2244

Publication date

2020-09-01 13:50:32

Family

jenkins

State

PUBLISHED

Description

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.