CVE-2020-2225: Cross-site Scripting

July 15, 2020 (updated July 21, 2020)

Jenkins Matrix Project Plugin does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.

References

jenkins.io/security/advisory/2020-07-15/
nvd.nist.gov/vuln/detail/CVE-2020-2225

Code Behaviors & Features

Detect and mitigate CVE-2020-2225 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →