Get a Pentest and security assessment of your IT network.

Request a quote
2021-current

CVE-2020-2176 – Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4

March 7, 2022

Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2176

Reference (s):

  • https://jenkins.io/security/advisory/2020-04-07/#SECURITY-1780
  • MLIST:[oss-security] 20200407 Multiple vulnerabilities in Jenkins plugins
  • URL: http://www.openwall.com/lists/oss-security/2020/04/07/3
5
Share:
Related posts
2021-current

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

October 11, 2025
2021-current

CVE-2014-6594 - Unspecified vulnerability in the Oracle iLearning component in Oracle iLe

March 7, 2022
2021-current

CVE-2019-8457 - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-b

March 7, 2022
2021-current

CVE-2020-12257 - rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because

March 7, 2022