CVE-2020-2230

MEDIUM

Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting in Project Naming Strategy Description

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-2230. PoCs published by gx1.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Jenkins versions <= 2.251 and LTS <= 2.235.3. The vulnerability arises from unescaped project naming strategy descriptions, allowing users with Overall/Manage permission to inject malicious scripts.

Description

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.

Exploits (1)

exploitdb WORKING POC
by gx1 · textwebappsjava
https://www.exploit-db.com/exploits/49237

This exploit demonstrates a stored XSS vulnerability in Jenkins versions <= 2.251 and LTS <= 2.235.3. The vulnerability arises from unescaped project naming strategy descriptions, allowing users with Overall/Manage permission to inject malicious scripts.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Jenkins <= 2.251 and LTS <= 2.235.3
Auth required
Prerequisites: Overall/Manage permission in Jenkins · Project Naming Strategy configuration access
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/08/12/4
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html

Scores

CVSS v3 5.4
EPSS 0.8305
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (3)
jenkins/jenkins < 2.235.3
jenkins/jenkins < 2.251
org.jenkins-ci.main/jenkins-core 0 - 2.235.4Maven
Published Aug 12, 2020
Tracked Since Feb 18, 2026