8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-2222

GHSA ID

GHSA-864v-5q2g-fr64

EPSS Score

0.66365%

CWE

CWE-79

Published

5/24/2022

Updated

12/22/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2222

CVE-2020-2222: Stored XSS vulnerability in Jenkins 'keep forever' badge icon

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names.

As job names do not generally support the character set needed for XSS, this is believed to be difficult to exploit in common configurations.

Jenkins 2.245, LTS 2.235.2 escapes the job name in the 'Keep this build forever' badge tooltip.

(GitHub Advisory)

8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-2222

GHSA ID

GHSA-864v-5q2g-fr64

EPSS Score

0.66365%

CWE

CWE-79

Published

5/24/2022

Updated

12/22/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.main:jenkins-core	maven	<= 2.235.1	2.235.2
org.jenkins-ci.main:jenkins-core	maven	>= 2.236, <= 2.244	2.245

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unescaped output in the Jelly template that generates the 'Keep this build forever' badge. The commit diff shows the fix added h.xmlEscape() around build.whyKeepLog, confirming this was the vulnerable point. The tooltip attribute construction in badge.jelly was rendering raw user-controlled input (job name) into HTML without sanitization, creating an XSS vector. The test case in RunSEC1902Test.java validates that job names containing HTML tags are now properly escaped.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins *.*** *n* **rli*r, LTS *.***.* *n* **rli*r *o*s not *s**p* t** jo* n*m* in t** 'K**p t*is *uil* *or*v*r' ***** tooltip. T*is r*sults in * stor** *ross-sit* s*riptin* (XSS) vuln*r**ility *xploit**l* *y us*rs **l* to *on*i*ur* jo* n*m*s. *s jo

Reasoning

T** vuln*r**ility st*ms *rom un*s**p** output in t** J*lly t*mpl*t* t**t **n*r*t*s t** 'K**p t*is *uil* *or*v*r' *****. T** *ommit *i** s*ows t** *ix ***** `*.xml*s**p*()` *roun* `*uil*.w*yK**pLo*`, *on*irmin* t*is w*s t** vuln*r**l* point. T** toolt

8

Basic Information

Concerned about an active attack path?

CVE-2020-2222: Stored XSS vulnerability in Jenkins 'keep forever' badge icon

8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI