CVE-2020-2163: Improper Neutralization of Input During Web Page Generation in Jenkins

CVSS Score (v3.1): 5.4

Basic Information

EPSS Score: 0.61471%
Published: 5/24/2022
Updated: 12/22/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.jenkins-ci.main:jenkins-core | maven | <= 2.204.5 | 2.204.6 |
| org.jenkins-ci.main:jenkins-core | maven | > 2.204.6, <= 2.227 | 2.228 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from two key locations: 1) The sortable.js script's handling of column headers originally used getInnerText(), which returns unescaped text, and then injected that text into the DOM via innerHTML without sanitization. 2) The Jelly template's column header rendering mechanism allowed HTML content to pass through without proper contextual escaping. The fix in commit a61d6a1 addressed both by using cell.innerHTML (already escaped by Jelly) in the JavaScript and by adding security warnings in the Jelly template comments. The combination of unescaped HTML in column headers and unsafe DOM manipulation in JavaScript created the XSS vector.
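The round trip described above, modelled with plain strings so it runs under Node without a DOM. This is an added example, not Jenkins' sortable.js: the helper names, the wrapper markup and the header value are constructed assumptions.

```javascript
// Added illustration: string model of the column header round trip (no DOM needed).
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const REVERSE = Object.fromEntries(Object.entries(ENTITIES).map(([ch, ent]) => [ent, ch]));

// Stand-in for the escaping applied when the template renders the header (assumption).
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Stand-in for reading a cell's text: entities come back as raw characters.
function decodeEntities(html) {
  return html.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => REVERSE[ent]);
}

const WRAP_OPEN = '<a href="#" class="sortheader">'; // illustrative wrapper markup
const WRAP_CLOSE = '</a>';

// Pre-fix pattern: decoded text is concatenated into markup bound for innerHTML.
function rebuildHeaderFromText(cellInnerHtml) {
  return WRAP_OPEN + decodeEntities(cellInnerHtml) + WRAP_CLOSE;
}

// Post-fix pattern: reuse the cell's own markup, which is still escaped.
function rebuildHeaderFromMarkup(cellInnerHtml) {
  return WRAP_OPEN + cellInnerHtml + WRAP_CLOSE;
}

// Start tags an HTML parser would create inside the wrapper.
function injectedTags(markup) {
  const inner = markup.slice(WRAP_OPEN.length, markup.length - WRAP_CLOSE.length);
  return inner.match(/<[a-zA-Z][^>]*>/g) || [];
}

// Constructed header name containing harmless markup.
const headerName = 'Build <em>status</em> & "age"';
const served = escapeHtml(headerName); // what the page delivers in the header cell

console.log(served);
console.log(injectedTags(rebuildHeaderFromText(served)));   // markup became live
console.log(injectedTags(rebuildHeaderFromMarkup(served))); // markup stayed text
```

The escaped header is safe as served; it only turns into live elements when the text form is fed back through an HTML sink, which is why the fix keeps the value in its escaped form end to end.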

WAF Protection Rules

WAF Rule

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
