6.1

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2020-2199

GHSA ID

GHSA-qmf3-w5jf-cv54

EPSS Score

0.95455%

CWE

CWE-79

Published

5/24/2022

Updated

1/29/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2199

CVE-2020-2199: XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin

Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation.

This results in a reflected cross-site scripting (XSS) vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users with Job/Configure permission.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-2199

CVE-2020-2199:

6.1

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2020-2199

GHSA ID

GHSA-qmf3-w5jf-cv54

EPSS Score

0.95455%

CWE

CWE-79

Published

5/24/2022

Updated

1/29/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:svn-partial-release-mgr	maven	<= 1.0.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly mentions improper escaping in repository URL field form validation. In Jenkins plugin development pattern: 1) Form validation methods typically follow 'doCheck<FieldName>' naming convention 2) Error messages from these methods are directly rendered in the web UI 3) The lack of escaping in error message construction would occur in this validation method. While exact code isn't shown, the pattern matches Jenkins plugin architecture and the vulnerability description's focus on form validation errors for the repository URL field.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-2199: XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin

CVE-2020-2199:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

6.1

6.1

CVE-2020-2199: XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI