{"id":"CVE-2020-2136","details":"Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.","aliases":["GHSA-6c7r-6p5m-cp82"],"modified":"2026-05-18T19:08:29.081135Z","published":"2020-03-09T16:15:12.797Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/03/09/1"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1723"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/git-plugin","events":[{"introduced":"0"},{"last_affected":"ad01b82d517b33417d792d76b02206b28386766a"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"4.2.0"}],"cpe":"cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:*"}}],"versions":["git-4.2.0","git-4.1.1","git-4.1.0","git-4.1.0-beta","git-4.0.0","git-4.0.0-beta12","git-4.0.0-beta11","git-4.0.0-beta10","git-4.0.0-beta9","git-4.0.0-beta8","git-4.0.0-beta7","git-4.0.0-rc","git-4.0.0-beta3","git-4.0.0-beta2","git-4.0.0-beta1","git-3.9.0","git-3.8.0","git-3.7.0","git-3.6.4","git-3.6.3","git-3.6.2","git-3.6.1","git-3.6.0","git-3.5.1","git-3.5.0","git-3.4.1","git-3.4.0","git-3.4.0-beta-2","git-3.4.0-beta-1","git-3.3.1","git-3.3.0","git-3.2.0","git-3.1.0","git-3.0.5","git-3.0.4","git-3.0.3","git-3.0.2","git-3.0.2-beta-2","git-3.0.2-beta-1","git-3.0.1","git-3.0.0","git-3.0.0-beta2","git-2.4.0","git-2.5.0-beta5","git-2.5.0-beta4","git-2.5.0-beta3","git-2.5.0-beta2","git-2.3.5","git-2.3.4","git-2.3.3","git-2.3.2","git-2.3.1","git-2.3","git-2.3-beta-4","git-2.3-beta-3","git-2.3-beta-2","git-2.3-beta-1","git-2.2.1","git-2.1.0","git-2.2.0","git-2.0.4","git-2.0.3","git-2.0.2","git-2.0","git-2.0-beta-3","git-2.0-beta-2","git-1.6.0-beta-1","git-1.5.0","git-1.4.0","git-1.3.0","git-1.2.0","git-1.1.29","git-1.1.28","git-1.1.27","git-1.1.26","git-1.1.25","git-1.1.24","git-1.1.23","git-1.1.22","git-1.1.21","git-1.1.20","git-1.1.19","git-1.1.18","git-1.1.17","git-1.1.16","git-1.1.15","git-1.1.14","git-1.1.13","git-1.1.12","git-1.1.11","git-1.1.10","git-1.1.9","git-1.1.8","git-1.1.7","git-1.1.6","git-1.1.5","git-1.1.4","git-1.1.3","git-1.1.2","git-1.1.1","git-1.1","git-1.0.1","git-1.0","git-0.9.2","git-0.9.1","git-0.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2136.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}