[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-2231":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":67,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":78,"related":79,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":91,"kevs":123,"epss":124,"epss_history":127,"metrics":386,"affected":399},"CVE-2020-2231","Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45,54],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_27B6C75B8A5B57F4","Exploit Reference (packetstormsecurity.com)","reference","http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html","unknown",0.2,false,[],{"_key":55,"name":56,"source":57,"url":58,"maturity":59,"reliability_score":60,"verified":52,"type":9,"platforms":61,"requires_auth":9,"exploitdb":63,"metasploit":9},"49244","Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS","exploit-database","https://www.exploit-db.com/exploits/49244","poc",0.5,[62],"java",{"verified":52,"type":64,"platform":62,"file":65,"codes":66},"webapps","exploits/java/webapps/49244.txt",[7],[68,69],"GHSA-jpvq-v729-7j2h","BIT-jenkins-2020-2231",[],[72,74,76],{"_key":73},"RHSA-2020:3808",{"_key":75},"RHSA-2020:3841",{"_key":77},"RHSA-2020:4223",[],[],"2020-08-12T13:25:22.000Z","2024-08-04T07:01:41.196Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":84,"epss_score":85,"severity":86,"severity_score":87,"severity_version":88,"severity_source":89,"severity_vector":90,"severity_status":82},"low",0.00472,"medium",5.4,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",[92,101,108,114,119],{"url":93,"sources":94,"tags":97},"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960",[95,89,96],"cve.org","osv_maven",[98,99,100],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":102,"sources":103,"tags":104},"http://www.openwall.com/lists/oss-security/2020/08/12/4",[95,89,96],[105,106,107,100],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":49,"sources":109,"tags":110},[95,89,96],[111,112,107,113,100],"X Refsource MISC","Exploit","VDB Entry",{"url":115,"sources":116,"tags":117},"https://nvd.nist.gov/vuln/detail/CVE-2020-2231",[96],[118],"Advisory",{"url":120,"sources":121,"tags":122},"https://github.com/jenkinsci/jenkins/commit/29c9a8fdeafe26fded955cfba188f50fd4f1786a",[96],[100],[],{"date":125,"score":85,"percentile":126},"2026-06-04",0.65021,[128,131,134,137,140,143,146,149,152,155,158,161,164,167,169,173,176,179,182,185,188,190,193,196,199,201,204,207,210,213,216,219,222,224,227,229,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,275,278,281,285,287,289,292,295,298,301,303,306,308,311,314,317,319,322,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,369,372,375,377,380,383],{"date":129,"score":85,"percentile":130},"2025-11-04",0.63827,{"date":132,"score":85,"percentile":133},"2025-11-05",0.63808,{"date":135,"score":85,"percentile":136},"2025-11-06",0.63814,{"date":138,"score":85,"percentile":139},"2025-11-07",0.63826,{"date":141,"score":85,"percentile":142},"2025-11-08",0.63829,{"date":144,"score":85,"percentile":145},"2025-11-09",0.63823,{"date":147,"score":85,"percentile":148},"2025-11-10",0.63807,{"date":150,"score":85,"percentile":151},"2025-11-11",0.63819,{"date":153,"score":85,"percentile":154},"2025-11-12",0.6384,{"date":156,"score":85,"percentile":157},"2025-11-13",0.63846,{"date":159,"score":85,"percentile":160},"2025-11-14",0.63854,{"date":162,"score":85,"percentile":163},"2025-11-15",0.63849,{"date":165,"score":85,"percentile":166},"2025-11-16",0.63841,{"date":168,"score":85,"percentile":154},"2025-11-17",{"date":170,"score":171,"percentile":172},"2025-11-18",0.00375,0.56307,{"date":174,"score":171,"percentile":175},"2025-11-19",0.56323,{"date":177,"score":171,"percentile":178},"2025-11-20",0.56313,{"date":180,"score":85,"percentile":181},"2025-11-21",0.6385,{"date":183,"score":85,"percentile":184},"2025-11-22",0.63856,{"date":186,"score":85,"percentile":187},"2025-11-23",0.63837,{"date":189,"score":85,"percentile":130},"2025-11-24",{"date":191,"score":85,"percentile":192},"2025-11-25",0.63828,{"date":194,"score":85,"percentile":195},"2025-11-26",0.63832,{"date":197,"score":85,"percentile":198},"2025-11-27",0.63836,{"date":200,"score":85,"percentile":136},"2025-11-28",{"date":202,"score":85,"percentile":203},"2025-11-29",0.63784,{"date":205,"score":85,"percentile":206},"2025-11-30",0.63777,{"date":208,"score":85,"percentile":209},"2025-12-01",0.63948,{"date":211,"score":85,"percentile":212},"2025-12-02",0.63966,{"date":214,"score":85,"percentile":215},"2025-12-03",0.63967,{"date":217,"score":85,"percentile":218},"2025-12-04",0.63791,{"date":220,"score":85,"percentile":221},"2025-12-05",0.63804,{"date":223,"score":85,"percentile":221},"2025-12-06",{"date":225,"score":85,"percentile":226},"2025-12-07",0.63797,{"date":228,"score":85,"percentile":221},"2025-12-08",{"date":230,"score":85,"percentile":187},"2025-12-09",{"date":232,"score":85,"percentile":233},"2025-12-10",0.63882,{"date":235,"score":85,"percentile":236},"2025-12-11",0.63899,{"date":238,"score":85,"percentile":239},"2025-12-12",0.63918,{"date":241,"score":85,"percentile":242},"2025-12-13",0.63924,{"date":244,"score":85,"percentile":245},"2025-12-14",0.63922,{"date":247,"score":85,"percentile":248},"2025-12-15",0.63916,{"date":250,"score":85,"percentile":251},"2025-12-16",0.63933,{"date":253,"score":85,"percentile":254},"2025-12-17",0.63946,{"date":256,"score":85,"percentile":257},"2025-12-18",0.63983,{"date":259,"score":85,"percentile":260},"2025-12-19",0.63999,{"date":262,"score":85,"percentile":263},"2025-12-20",0.63996,{"date":265,"score":85,"percentile":266},"2025-12-21",0.63985,{"date":268,"score":85,"percentile":269},"2025-12-22",0.63978,{"date":271,"score":85,"percentile":272},"2025-12-23",0.63987,{"date":274,"score":85,"percentile":263},"2025-12-24",{"date":276,"score":85,"percentile":277},"2025-12-25",0.64021,{"date":279,"score":85,"percentile":280},"2025-12-26",0.64022,{"date":282,"score":283,"percentile":284},"2025-12-27",0.0047,0.63993,{"date":286,"score":85,"percentile":260},"2025-12-28",{"date":288,"score":85,"percentile":272},"2025-12-29",{"date":290,"score":85,"percentile":291},"2025-12-30",0.64003,{"date":293,"score":85,"percentile":294},"2025-12-31",0.6403,{"date":296,"score":85,"percentile":297},"2026-01-01",0.64218,{"date":299,"score":85,"percentile":300},"2026-01-02",0.64204,{"date":302,"score":85,"percentile":300},"2026-01-03",{"date":304,"score":85,"percentile":305},"2026-01-04",0.64028,{"date":307,"score":85,"percentile":277},"2026-01-05",{"date":309,"score":85,"percentile":310},"2026-01-06",0.64017,{"date":312,"score":85,"percentile":313},"2026-01-07",0.64036,{"date":315,"score":85,"percentile":316},"2026-01-08",0.64058,{"date":318,"score":85,"percentile":316},"2026-01-09",{"date":320,"score":85,"percentile":321},"2026-01-10",0.64056,{"date":323,"score":85,"percentile":324},"2026-01-11",0.64045,{"date":326,"score":85,"percentile":327},"2026-01-12",0.64029,{"date":329,"score":85,"percentile":330},"2026-01-13",0.64027,{"date":332,"score":85,"percentile":333},"2026-01-14",0.64065,{"date":335,"score":85,"percentile":336},"2026-01-15",0.64081,{"date":338,"score":85,"percentile":339},"2026-01-16",0.64102,{"date":341,"score":85,"percentile":342},"2026-01-17",0.6409,{"date":344,"score":85,"percentile":345},"2026-01-18",0.64082,{"date":347,"score":85,"percentile":348},"2026-01-19",0.64068,{"date":350,"score":85,"percentile":351},"2026-01-20",0.64083,{"date":353,"score":85,"percentile":354},"2026-01-21",0.64092,{"date":356,"score":85,"percentile":357},"2026-01-22",0.64099,{"date":359,"score":85,"percentile":360},"2026-01-23",0.64129,{"date":362,"score":85,"percentile":363},"2026-01-24",0.64136,{"date":365,"score":85,"percentile":366},"2026-01-25",0.64103,{"date":368,"score":85,"percentile":342},"2026-01-26",{"date":370,"score":85,"percentile":371},"2026-01-27",0.641,{"date":373,"score":85,"percentile":374},"2026-01-28",0.64109,{"date":376,"score":85,"percentile":374},"2026-01-29",{"date":378,"score":85,"percentile":379},"2026-01-30",0.64118,{"date":381,"score":85,"percentile":382},"2026-01-31",0.64122,{"date":384,"score":85,"percentile":385},"2026-02-01",0.64267,[387,397],{"source":89,"cvss_v2_0":388,"cvss_v3_0":9,"cvss_v3_1":393,"cvss_v4_0":9},{"baseScore":389,"baseSeverity":9,"vectorString":390,"impactScore":391,"exploitabilityScore":392},3.5,"AV:N/AC:M/Au:S/C:N/I:P/A:N",2.9,6.8,{"baseScore":87,"baseSeverity":394,"vectorString":90,"impactScore":395,"exploitabilityScore":396},"MEDIUM",4.5,5.9,{"source":96,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":398,"cvss_v4_0":9},{"baseScore":87,"baseSeverity":9,"vectorString":90,"impactScore":395,"exploitabilityScore":396},[400,415,423],{"ecosystem":9,"name":401,"vendor":402,"product":403,"cpe_part":404,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":405},"Jenkins","jenkins project","jenkins","a",[406,412],{"version":407,"is_range":408,"range_type":95,"version_start":409,"version_start_type":410,"version_end":411,"version_end_type":410,"fixed_in":9},">= unspecified, \u003C= 2.251",true,"unspecified","including","2.251",{"version":413,"is_range":408,"range_type":95,"version_start":409,"version_start_type":410,"version_end":414,"version_end_type":410,"fixed_in":9},">= unspecified, \u003C= LTS 2.235.3","LTS 2.235.3",{"ecosystem":9,"name":401,"vendor":9,"product":401,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":416},[417,421],{"version":418,"is_range":408,"range_type":419,"version_start":9,"version_start_type":9,"version_end":420,"version_end_type":410,"fixed_in":9},"lte2.235.3","cpe","2.235.3",{"version":422,"is_range":408,"range_type":419,"version_start":9,"version_start_type":9,"version_end":411,"version_end_type":410,"fixed_in":9},"lte2.251",{"ecosystem":424,"name":425,"vendor":426,"product":427,"cpe_part":9,"purl_type":428,"purl_namespace":426,"purl_name":427,"source":9,"versions":429},"Maven","org.jenkins-ci.main:jenkins-core","org.jenkins-ci.main","jenkins-core","maven",[430,435],{"version":431,"is_range":408,"range_type":432,"version_start":9,"version_start_type":9,"version_end":433,"version_end_type":434,"fixed_in":9},"lt2_235_4","ecosystem","2.235.4","excluding",{"version":436,"is_range":408,"range_type":432,"version_start":437,"version_start_type":410,"version_end":438,"version_end_type":434,"fixed_in":9},"gte2_237_lt2_252","2.237","2.252"]