Miggo Logo
Miggo Vulnerability Database
CVE-2020-2236

CVE-2020-2236: Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin

8

CVSS Score
3.0

Basic Information

CVE ID
CVE-2020-2236
GHSA ID
GHSA-3mwj-7vmq-w43p
EPSS Score
0.46137%
CWE
CWE-79
Published
5/24/2022
Updated
12/20/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizermaven< 1.121.12

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit diff shows the critical fix was adding Util.xmlEscape() to the tooltip content in buildFlow.groovy. The unescaped currentBuild.displayName in the div's tooltip attribute (line 84 in original code) allowed stored XSS. This rendering occurs in the drawBuildInfo method's template logic when generating build history visualization. The lack of output encoding on a user-controlled field (build display name) directly matches the CWE-79 XSS pattern.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Y*t *not**r *uil* Visu*liz*r Plu*in *.** *n* **rli*r *o*s not *s**p* tooltip *ont*nt. T*is r*sults in * stor** *ross-sit* s*riptin* (XSS) vuln*r**ility *xploit**l* *y us*rs wit* Run/Up**t* p*rmission. Y*t *not**r *uil* Visu*liz*r Plu*in *.** *s**p*

Reasoning

T** *ommit *i** s*ows t** *riti**l *ix w*s ***in* `Util.xml*s**p*()` to t** tooltip *ont*nt in `*uil**low.*roovy`. T** un*s**p** `*urr*nt*uil*.*ispl*yN*m*` in t** *iv's tooltip *ttri*ut* (lin* ** in ori*in*l *o**) *llow** stor** XSS. T*is r*n**rin* o