Miggo Logo

CVE-2020-2269: Stored XSS vulnerability in chosen-views-tabbar Plugin

8

CVSS Score
3.1

Basic Information

EPSS Score
0.46137%
Published
5/24/2022
Updated
1/28/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.jenkins-ci.plugins:chosen-views-tabbarmaven<= 1.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unescaped view names in the view selection dropdown. Jenkins plugins typically use Jelly templates for UI rendering. The core issue would be in the template that generates the dropdown options, likely using ${view.name} without the escape attribute or equivalent output sanitization. The high confidence comes from: 1) The advisory explicitly mentions the dropdown as the vulnerable component 2) XSS patterns in Jenkins typically involve missing Jelly escaping 3) The plugin's purpose (view tabbar) matches this UI element's functionality.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins **os*n-vi*ws-t****r Plu*in *.* *n* **rli*r *o*s not *s**p* vi*w n*m*s in t** *rop*own to s*l**t vi*ws, r*sultin* in * stor** *ross-sit* s*riptin* (XSS) vuln*r**ility *xploit**l* *y *tt**k*rs wit* t** **ility to *on*i*ur* vi*ws.

Reasoning

T** vuln*r**ility st*ms *rom un*s**p** vi*w n*m*s in t** vi*w s*l**tion *rop*own. J*nkins plu*ins typi**lly us* J*lly t*mpl*t*s *or UI r*n**rin*. T** *or* issu* woul* ** in t** t*mpl*t* t**t **n*r*t*s t** *rop*own options, lik*ly usin* `${vi*w.n*m*}`