
CVE-2020-2229:
Jenkins Cross-Site Scripting vulnerability in help icons

CVSS Score: 8 (CVSS 3.0)

Basic Information

EPSS Score: 0.88132%
Published: 5/24/2022
Updated: 12/22/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
org.jenkins-ci.main:jenkins-core | maven | <= 2.235.3 | 2.235.4
org.jenkins-ci.main:jenkins-core | maven | >= 2.236, <= 2.251 | 2.252

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the unescaped 'tooltip' attribute in the Jelly template responsible for rendering help icons. The commit diff shows the addition of h.xmlEscape() to sanitize this attribute. Because Jelly templates generate HTML/XML content, the lack of escaping in the original code allowed raw user- or plugin-provided tooltip content to be interpreted as HTML/XML, enabling XSS. The test cases added in the commit explicitly validate XSS prevention by checking that injected HTML payloads are escaped, confirming this as the attack vector.
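The following is an added example, not Jenkins code: it shows why an unescaped attribute value lets a plugin-supplied tooltip break out of the help-icon markup and how escaping the XML special characters neutralises it. The markup string, the xmlEscape helper and the class name are hypothetical stand-ins for the Jelly template and h.xmlEscape(), and the tooltip value is a constructed test input.

```java
// Added example (not Jenkins code). HelpIconEscapeDemo, xmlEscape and the
// markup below are hypothetical stand-ins for the Jelly template and h.xmlEscape().
public class HelpIconEscapeDemo {

    // Minimal XML attribute escaper: the five characters that can change the
    // meaning of an attribute value or close the enclosing tag.
    static String xmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Before the fix: the tooltip is interpolated into the attribute as-is.
    static String renderVulnerable(String tooltip) {
        return "<a class=\"help-button\" tooltip=\"" + tooltip
             + "\"><span class=\"icon-help\"></span></a>";
    }

    // After the fix: the attribute value is escaped before interpolation.
    static String renderFixed(String tooltip) {
        return "<a class=\"help-button\" tooltip=\"" + xmlEscape(tooltip)
             + "\"><span class=\"icon-help\"></span></a>";
    }

    // Regression check in the spirit of the commit's tests: the raw tag must
    // not survive as markup in the rendered output.
    static boolean leaksMarkup(String html, String rawTag) {
        return html.contains(rawTag);
    }

    public static void main(String[] args) {
        // Constructed tooltip value that closes the attribute and injects a tag.
        String tooltip = "\"><b>injected</b>";
        String vuln = renderVulnerable(tooltip);
        String fixed = renderFixed(tooltip);
        System.out.println(vuln);   // attribute closed early, <b> becomes live markup
        System.out.println(fixed);  // &quot;&gt;&lt;b&gt;injected&lt;/b&gt; stays text
        System.out.println("vulnerable leaks markup: " + leaksMarkup(vuln, "<b>"));  // true
        System.out.println("fixed leaks markup:      " + leaksMarkup(fixed, "<b>")); // false
    }
}
```

Attribute escaping makes the value a plain string once the browser parses the page; any client-side script that later reads the attribute must still treat it as text rather than HTML.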


WAF Protection Rules

WAF Rule

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values. This results in a stored cross-site scripting (XSS) vulnerability.
