Miggo Logo

CVE-2020-2256: Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name

8

CVSS Score
3.1

Basic Information

EPSS Score
0.46137%
Published
5/24/2022
Updated
12/20/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.jenkins-ci.plugins:pipeline-mavenmaven<= 3.9.23.9.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unescaped display names in the build cause UI. The commit diff shows the removal of <j:out> tags in description.jelly, which are responsible for safe HTML escaping in Jenkins Jelly templates. In vulnerable versions (<=3.9.2), the display name was rendered via ${...} interpolation without escaping, while the fix (3.9.3) introduced proper escaping by leveraging Jelly's implicit escaping or safer context handling. The file path and template logic align with the vulnerability's description of XSS in build cause rendering.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Pip*lin* M*v*n Int**r*tion Plu*in *.*.* *n* **rli*r *o*s not *s**p* t** upstr**m jo*’s *ispl*y n*m* s*own *s p*rt o* * *uil* **us*. T*is r*sults in * stor** *ross-sit* s*riptin* (XSS) vuln*r**ility *xploit**l* *y *tt**k*rs wit* Jo*/*on*i*ur* p*rmiss

Reasoning

T** vuln*r**ility st*ms *rom un*s**p** *ispl*y n*m*s in t** *uil* **us* UI. T** *ommit *i** s*ows t** r*mov*l o* <j:out> t**s in `**s*ription.j*lly`, w*i** *r* r*sponsi*l* *or s*** *TML *s**pin* in J*nkins J*lly t*mpl*t*s. In vuln*r**l* v*rsions (<=*
CVE-2020-2256: Pipeline Maven Job Name XSS | Miggo