{"id":"CVE-2020-2230","details":"Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.","aliases":["BIT-jenkins-2020-2230","GHSA-9g4m-ffx6-c29g"],"modified":"2026-04-09T07:00:15.798793Z","published":"2020-08-12T14:15:13.190Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/08/12/4"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/jenkins","events":[{"introduced":"0"},{"last_affected":"026012a3c3a3126b4d2fd27049bf797be4f0899a"},{"introduced":"0"},{"last_affected":"6785c59c3d0b3e16b549257ef8c20fee0ebbd239"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.235.3"},{"introduced":"0"},{"last_affected":"2.251"}]}}],"versions":["1.324-rc","1.325-rc","1.327-rc","1.328-rc","builds/101","builds/102","builds/103","builds/104","builds/105","builds/106","builds/107","builds/108","builds/109","builds/110","builds/112","builds/113","builds/114","builds/115","builds/116","builds/117","builds/118","builds/119","builds/120","builds/121","builds/122","builds/123","builds/124","builds/125","builds/126","builds/127","builds/128","builds/130","builds/131","builds/132","builds/133","builds/134","builds/135","builds/136","builds/137","builds/138","builds/139","builds/140","builds/141","builds/142","builds/143","builds/144","builds/145","builds/146","builds/147","builds/148","builds/149","builds/150","builds/151","builds/152","builds/153","builds/154","builds/155","builds/156","builds/157","builds/158","builds/16","builds/160","builds/161","builds/162","builds/163","builds/164","builds/165","builds/166","builds/168","builds/169","builds/17","builds/170","builds/171","builds/172","builds/173","builds/174","builds/176","builds/177","builds/179","builds/18","builds/180","builds/181","builds/182","builds/183","builds/184","builds/185","builds/186","builds/187","builds/188","builds/189","builds/190","builds/191","builds/192","builds/193","builds/194","builds/195","builds/196","builds/197","builds/198","builds/199","builds/2","builds/200","builds/201","builds/202","builds/203","builds/204","builds/205","builds/206","builds/207","builds/209","builds/21","builds/210","builds/211","builds/212","builds/213","builds/214","builds/215","builds/216","builds/217","builds/218","builds/219","builds/22","builds/220","builds/221","builds/222","builds/223","builds/224","builds/225","builds/227","builds/228","builds/229","builds/23","builds/230","builds/231","builds/232","builds/233","builds/234","builds/235","builds/236","builds/237","builds/238","builds/239","builds/24","builds/240","builds/241","builds/242","builds/243","builds/244","builds/245","builds/247","builds/248","builds/249","builds/250","builds/251","builds/254","builds/255","builds/256","builds/257","builds/258","builds/259","builds/26","builds/260","builds/262","builds/264","builds/265","builds/266","builds/267","builds/268","builds/269","builds/27","builds/270","builds/271","builds/272","builds/273","builds/274","builds/275","builds/276","builds/277","builds/278","builds/279","builds/28","builds/280","builds/281","builds/282","builds/284","builds/285","builds/286","builds/287","builds/288","builds/29","builds/290","builds/291","builds/293","builds/294","builds/295","builds/296","builds/297","builds/298","builds/299","builds/30","builds/300","builds/301","builds/302","builds/303","builds/304","builds/305","builds/306","builds/31","builds/32","builds/33","builds/338","builds/339","builds/34","builds/340","builds/341","builds/342","builds/343","builds/344","builds/345","builds/346","builds/348","builds/35","builds/350","builds/352","builds/353","builds/355","builds/356","builds/357","builds/358","builds/359","builds/36","builds/361","builds/363","builds/37","builds/370","builds/371","builds/372","builds/39","builds/40","builds/41","builds/42","builds/43","builds/44","builds/46","builds/47","builds/48","builds/49","builds/50","builds/51","builds/52","builds/53","builds/54","builds/55","builds/56","builds/77","builds/81","builds/82","builds/83","builds/85","builds/86","builds/89","builds/90","builds/92","builds/93","builds/94","changes/101","changes/102","changes/103","changes/104","changes/105","changes/106","changes/107","changes/108","changes/109","changes/110","changes/113","changes/114","changes/115","changes/116","changes/117","changes/118","changes/119","changes/120","changes/121","changes/122","changes/123","changes/124","changes/125","changes/126","changes/127","changes/128","changes/130","changes/131","changes/132","changes/133","changes/134","changes/135","changes/136","changes/137","changes/138","changes/139","changes/140","changes/141","changes/142","changes/143","changes/144","changes/145","changes/146","changes/147","changes/148","changes/149","changes/150","changes/151","changes/152","changes/153","changes/154","changes/155","changes/156","changes/157","changes/158","changes/16","changes/161","changes/162","changes/163","changes/164","changes/165","changes/166","changes/169","changes/17","changes/170","changes/171","changes/172","changes/173","changes/174","changes/176","changes/177","changes/179","changes/18","changes/180","changes/181","changes/182","changes/183","changes/184","changes/185","changes/186","changes/187","changes/188","changes/189","changes/190","changes/191","changes/192","changes/193","changes/194","changes/195","changes/196","changes/197","changes/198","changes/199","changes/2","changes/20","changes/200","changes/201","changes/202","changes/203","changes/204","changes/205","changes/206","changes/207","changes/209","changes/21","changes/210","changes/211","changes/212","changes/213","changes/214","changes/215","changes/216","changes/217","changes/218","changes/22","changes/220","changes/221","changes/222","changes/223","changes/224","changes/225","changes/228","changes/229","changes/23","changes/230","changes/231","changes/232","changes/233","changes/234","changes/235","changes/236","changes/237","changes/238","changes/239","changes/24","changes/240","changes/241","changes/242","changes/243","changes/244","changes/245","changes/248","changes/249","changes/250","changes/251","changes/255","changes/256","changes/257","changes/258","changes/259","changes/262","changes/265","changes/266","changes/267","changes/268","changes/269","changes/27","changes/270","changes/271","changes/272","changes/273","changes/274","changes/275","changes/276","changes/277","changes/278","changes/279","changes/28","changes/280","changes/281","changes/282","changes/284","changes/286","changes/287","changes/288","changes/29","changes/290","changes/291","changes/293","changes/294","changes/295","changes/296","changes/297","changes/298","changes/299","changes/30","changes/300","changes/301","changes/302","changes/303","changes/304","changes/305","changes/306","changes/31","changes/32","changes/338","changes/339","changes/34","changes/340","changes/342","changes/343","changes/344","changes/345","changes/346","changes/348","changes/35","changes/350","changes/352","changes/353","changes/356","changes/357","changes/358","changes/36","changes/361","changes/363","changes/37","changes/370","changes/371","changes/372","changes/39","changes/40","changes/41","changes/42","changes/43","changes/44","changes/46","changes/47","changes/48","changes/49","changes/50","changes/51","changes/52","changes/53","changes/54","changes/55","changes/56","changes/76","changes/77","changes/79","changes/81","changes/82","changes/83","changes/85","changes/86","changes/89","changes/90","changes/92","changes/93","changes/94","jenkins-1.604","jenkins-1.605","jenkins-1.606","jenkins-1.607","jenkins-1.608","jenkins-1.609","jenkins-1.610","jenkins-1.614","jenkins-1.615","jenkins-1.616","jenkins-1.617","jenkins-1.618","jenkins-1.619","jenkins-1.620","jenkins-1.621","jenkins-1.622","jenkins-1.623","jenkins-1.624","jenkins-1.625","jenkins-1.626","jenkins-1.627","jenkins-1.628","jenkins-1.638","jenkins-1.639","jenkins-1.640","jenkins-1.641","jenkins-1.642","jenkins-1.643","jenkins-1.644","jenkins-1.645","jenkins-1.646","jenkins-1.647","jenkins-1.648","jenkins-1.649","jenkins-1.650","jenkins-1.651","jenkins-1.652","jenkins-1.653","jenkins-1.654","jenkins-1.655","jenkins-1.656","jenkins-2.10","jenkins-2.100","jenkins-2.101","jenkins-2.102","jenkins-2.103","jenkins-2.104","jenkins-2.105","jenkins-2.106","jenkins-2.108","jenkins-2.109","jenkins-2.11","jenkins-2.116","jenkins-2.117","jenkins-2.118","jenkins-2.12","jenkins-2.121","jenkins-2.122","jenkins-2.124","jenkins-2.125","jenkins-2.126","jenkins-2.127","jenkins-2.128","jenkins-2.129","jenkins-2.13","jenkins-2.130","jenkins-2.131","jenkins-2.132","jenkins-2.134","jenkins-2.135","jenkins-2.138","jenkins-2.14","jenkins-2.140","jenkins-2.141","jenkins-2.142","jenkins-2.143","jenkins-2.146","jenkins-2.147","jenkins-2.148","jenkins-2.149","jenkins-2.15","jenkins-2.150","jenkins-2.151","jenkins-2.154","jenkins-2.155","jenkins-2.156","jenkins-2.16","jenkins-2.160","jenkins-2.161","jenkins-2.162","jenkins-2.163","jenkins-2.164","jenkins-2.165","jenkins-2.17","jenkins-2.172","jenkins-2.173","jenkins-2.174","jenkins-2.18","jenkins-2.186","jenkins-2.19","jenkins-2.192","jenkins-2.197","jenkins-2.198","jenkins-2.199","jenkins-2.20","jenkins-2.200","jenkins-2.201","jenkins-2.202","jenkins-2.203","jenkins-2.204","jenkins-2.205","jenkins-2.21","jenkins-2.219","jenkins-2.22","jenkins-2.228","jenkins-2.229","jenkins-2.23","jenkins-2.230","jenkins-2.231","jenkins-2.232","jenkins-2.233","jenkins-2.234","jenkins-2.235","jenkins-2.235.1","jenkins-2.235.2","jenkins-2.235.3","jenkins-2.236","jenkins-2.24","jenkins-2.245","jenkins-2.246","jenkins-2.247","jenkins-2.248","jenkins-2.249","jenkins-2.25","jenkins-2.250","jenkins-2.251","jenkins-2.26","jenkins-2.27","jenkins-2.28","jenkins-2.29","jenkins-2.3","jenkins-2.30","jenkins-2.31","jenkins-2.32","jenkins-2.33","jenkins-2.34","jenkins-2.35","jenkins-2.36","jenkins-2.37","jenkins-2.4","jenkins-2.44","jenkins-2.45","jenkins-2.46","jenkins-2.47","jenkins-2.48","jenkins-2.49","jenkins-2.5","jenkins-2.50","jenkins-2.51","jenkins-2.52","jenkins-2.53","jenkins-2.57","jenkins-2.58","jenkins-2.59","jenkins-2.6","jenkins-2.60","jenkins-2.61","jenkins-2.62","jenkins-2.63","jenkins-2.64","jenkins-2.65","jenkins-2.66","jenkins-2.67","jenkins-2.68","jenkins-2.7","jenkins-2.8","jenkins-2.9","jenkins-2.95","jenkins-2.96","jenkins-2.97","jenkins-2.98","jenkins-2.99"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2230.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}