5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-2162

GHSA ID

GHSA-crg2-6xv3-qg5f

EPSS Score

0.61471%

CWE

CWE-79

Published

5/24/2022

Updated

12/13/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2162

CVE-2020-2162: Improper Neutralization of Input During Web Page Generation in Jenkins

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier served files uploaded as file parameters to a build without specifying appropriate Content-Security-Policy HTTP headers. This resulted in a stored cross-site scripting (XSS) vulnerability exploitable by users with permissions to build a job with file parameters.\n\nJenkins now sets Content-Security-Policy HTTP headers when serving files uploaded via a file parameter to the same value as used for files in workspaces and archived artifacts not served using the Resource Root URL.\n\nThe system property hudson.model.DirectoryBrowserSupport.CSP can be set to override the value of Content-Security-Policy headers sent when serving these files. This is the same system property used for files in workspaces and archived artifacts unless those are served via the Resource Root URL and works the same way for file parameters. See Configuring Content Security Policy to learn more.\n\nEven when Jenkins is configured to serve files in workspaces and archived artifacts using the Resource Root URL (introduced in Jenkins 2.200), file parameters are not, and therefore still subject to Content-Security-Policy restrictions.

(GitHub Advisory)

5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-2162

GHSA ID

GHSA-crg2-6xv3-qg5f

EPSS Score

0.61471%

CWE

CWE-79

Published

5/24/2022

Updated

12/13/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.main:jenkins-core	maven	<= 2.204.5	2.228
org.jenkins-ci.main:jenkins-core	maven	>= 2.204.6, <= 2.227	2.228

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows the vulnerability was addressed by adding CSP header handling directly in FileParameterValue.java's doDynamic method. This method handles file parameter serving and previously lacked security headers. The test cases verify CSP header behavior specifically for this endpoint, confirming this is the execution path for serving vulnerable file parameters. The advisory explicitly states file parameters weren't covered by existing CSP protections that applied to other file-serving mechanisms.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins *.*** *n* **rli*r, LTS *.***.* *n* **rli*r s*rv** *il*s uplo**** *s *il* p*r*m*t*rs to * *uil* wit*out sp**i*yin* *ppropri*t* `*ont*nt-S**urity-Poli*y *TTP` *****rs. T*is r*sult** in * stor** *ross-sit* s*riptin* (XSS) vuln*r**ility *xploit**

Reasoning

T** *ommit *i** s*ows t** vuln*r**ility w*s ***r*ss** *y ***in* *SP *****r **n*lin* *ir**tly in `*il*P*r*m*t*rV*lu*.j*v*`'s `*o*yn*mi*` m*t*o*. T*is m*t*o* **n*l*s *il* p*r*m*t*r s*rvin* *n* pr*viously l**k** s**urity *****rs. T** t*st **s*s v*ri*y *

5.4

Basic Information

Concerned about an active attack path?

CVE-2020-2162: Improper Neutralization of Input During Web Page Generation in Jenkins

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI