Bug 1819198 (CVE-2020-2161)

Summary: CVE-2020-2161 jenkins: XSS in job configuration pages
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abenaiss, aos-bugs, bmontgom, eparis, extras-orphan, java-sig-commits, jburrell, jokerman, mizdebsk, msrb, nstielau, pbhattac, sponnaga
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: jenkins LTS 2.204.6, jenkins LTS 2.222.1, jenkins 2.228 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-28 01:16:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1819199, 1819497, 1819501, 1819505, 1820017, 1820018, 1873174, 1877292    
Bug Blocks: 1819191    

Description Dhananjay Arunesh 2020-03-31 12:58:40 UTC 
A vulnerability was found in Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.

Reference:
http://www.openwall.com/lists/oss-security/2020/03/25/2
Comment 1 Dhananjay Arunesh 2020-03-31 12:59:53 UTC 
Created jenkins tracking bugs for this issue:

Affects: fedora-all [bug 1819199]
Comment 2 Sam Fowler 2020-04-01 01:22:11 UTC 
External References:

https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1781