CVE-2020-2231

MEDIUM

Jenkins <= 2.251 and LTS <= 2.235.3 - Stored Cross-Site Scripting via Remote Build Trigger


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-2231, a PoC published by gx1.

AI-analyzed exploit summary: The published PoC sends a build request to a job that has 'Trigger builds remotely' enabled, carrying a JavaScript payload in the X-Forwarded-For header. When the servlet container or a reverse proxy in front of Jenkins derives the client address from that header, the payload is recorded as the remote address in the build cause and rendered unescaped in the build history view, where it executes in the browser of any user who views it. Exploitation therefore requires a valid authentication token (or Job/Configure permission to set one) and a deployment that trusts X-Forwarded-For or a similar header.
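To make the mechanism concrete, the following added example (not code from the page, the PoC author, or the Jenkins project) builds the kind of trigger request the summary describes and contrasts an unescaped render of the stored remote address with an HTML-escaped one. The Jenkins URL, job name, token and payload are constructed placeholders; the endpoint shape `/job/<name>/build?token=<token>` is Jenkins' documented remote-trigger URL, and the two render functions are an illustration of the CWE-79 pattern, not the project's own view code.

```python
"""
CVE-2020-2231: the remote address recorded for a 'Trigger builds remotely'
request is stored in the build cause and rendered without HTML escaping.

Shows the shape of the trigger request the summary describes and contrasts
an unescaped render of the stored address (vulnerable pattern) with an
escaped one (hardened pattern).
"""
import html
from urllib.parse import quote

# Constructed values: a hypothetical Jenkins instance, job name and token.
JENKINS_URL = "https://jenkins.example.internal"
JOB_NAME = "nightly-build"
BUILD_TOKEN = "example-token"
PAYLOAD = "<script>alert(document.domain)</script>"


def trigger_request(base_url, job, token, forwarded_for):
    """Return (method, url, headers) for a remote build trigger.

    Jenkins exposes /job/<name>/build?token=<token> when 'Trigger builds
    remotely' is enabled; GET is the documented form of that call.
    The X-Forwarded-For header only reaches the build cause if the servlet
    container or a reverse proxy in front of Jenkins derives the remote
    address from it (one of the prerequisites listed on this page).
    """
    url = f"{base_url}/job/{quote(job, safe='')}/build?token={quote(token, safe='')}"
    headers = {"X-Forwarded-For": forwarded_for}
    return "GET", url, headers


def render_remote_cause_vulnerable(addr):
    """Vulnerable pattern: untrusted address interpolated straight into HTML."""
    return f"<div>Started by remote host {addr}</div>"


def render_remote_cause_fixed(addr):
    """Hardened pattern: escape the address before it reaches the page."""
    return f"<div>Started by remote host {html.escape(addr, quote=True)}</div>"


def contains_active_markup(rendered):
    """Crude check: does the rendered HTML still contain a raw <script tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    method, url, headers = trigger_request(JENKINS_URL, JOB_NAME, BUILD_TOKEN, PAYLOAD)
    print(method, url, headers)
    # What a proxy-trusting container would record as the remote address:
    stored_addr = headers["X-Forwarded-For"]
    print(render_remote_cause_vulnerable(stored_addr))
    print(render_remote_cause_fixed(stored_addr))
```

The escaped render turns the payload into `&lt;script&gt;...&lt;/script&gt;`, which the browser displays as text; the unescaped render hands the same bytes to the HTML parser, which is the stored XSS. Whether X-Forwarded-For is trusted at all is a deployment property, so the same request against a Jenkins that uses the TCP peer address records nothing more than the attacker's real IP.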

Description

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.

Exploits (1)

exploitdb · WORKING POC
by gx1 · webapps / java
https://www.exploit-db.com/exploits/49244


Classification
Working PoC: 100%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Jenkins <= 2.251 and LTS <= 2.235.3
Auth required: yes
Prerequisites: Remote build trigger enabled · Authentication token or Job/Configure permission · Application server using X-Forwarded-For or similar headers
Analyzed by devstral-2 on Feb 16, 2026
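The prerequisites above point at what a defender can check: a remote build trigger whose X-Forwarded-For value carries markup is the attempt itself, and it is visible in the reverse proxy or access logs before anyone opens the build page. The following added detection example (not code from the page, the PoC, or the Jenkins project) runs that check over a handful of constructed log lines; the log format, paths and addresses are invented for the example and will need adapting to your proxy's format.

```python
"""
Detection helper for CVE-2020-2231 exploitation attempts.

Scans access-log lines for remote build triggers (/job/<name>/build with a
token parameter) whose X-Forwarded-For value contains HTML markup.
Log format below is constructed for the example:
  <client-ip> "<method> <path> HTTP/1.x" <status> xff="<header value>"
"""
import re
from urllib.parse import urlsplit, parse_qs

LOG_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]" '
    r'(?P<status>\d{3}) xff="(?P<xff>.*)"$'
)
TRIGGER_PATH_RE = re.compile(r"^/job/[^/]+/build$")
# Tag characters, javascript: URLs and inline event handlers have no
# business in an address header, whatever the proxy chain looks like.
MARKUP_RE = re.compile(r"[<>]|javascript:|on\w+\s*=", re.IGNORECASE)

# Constructed sample lines: two benign triggers (one behind a proxy chain),
# two attempts against the trigger endpoint, one attempt against a
# non-trigger path (out of scope for this CVE), and unrelated traffic.
SAMPLE_LOG = """\
10.0.0.5 "GET /job/nightly-build/build?token=abc HTTP/1.1" 201 xff="10.0.0.5"
10.0.0.7 "GET /job/nightly-build/build?token=abc HTTP/1.1" 201 xff="203.0.113.9, 10.0.0.7"
10.0.0.9 "GET /job/nightly-build/build?token=abc HTTP/1.1" 201 xff="<script>alert(1)</script>"
10.0.0.9 "GET /job/nightly-build/build?token=abc HTTP/1.1" 201 xff="<img src=x onerror=alert(1)>"
10.0.0.9 "GET /job/nightly-build/api/json HTTP/1.1" 200 xff="<script>alert(1)</script>"
10.0.0.4 "GET /login HTTP/1.1" 200 xff="-"
"""


def is_remote_trigger(path):
    """True for /job/<name>/build requests that carry a token parameter."""
    parts = urlsplit(path)
    return bool(TRIGGER_PATH_RE.match(parts.path)) and "token" in parse_qs(parts.query)


def find_xff_injection_attempts(lines):
    """Return (client, path, xff) for trigger requests with markup in X-Forwarded-For."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # line is in some other format; skip rather than guess
        if is_remote_trigger(m["path"]) and MARKUP_RE.search(m["xff"]):
            hits.append((m["client"], m["path"], m["xff"]))
    return hits


if __name__ == "__main__":
    for hit in find_xff_injection_attempts(SAMPLE_LOG.splitlines()):
        print("suspicious remote trigger:", hit)
```

The check is deliberately scoped to the trigger endpoint: markup in X-Forwarded-For on other paths is still worth a look, but it is not this vulnerability. A 201 response on a hit means the trigger was accepted, so the token was valid and the stored cause should be inspected and the build's cause text sanitised or the build removed.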

References (3)

Mailing list, third-party advisory (oss-security): http://www.openwall.com/lists/oss-security/2020/08/12/4

Scores

CVSS v3.1 base score: 5.4 (Medium)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
EPSS: 0.053 (5.3%), percentile 91.5%

Details

CWE
CWE-79
Status published
Products (3)
jenkins/jenkins <= 2.235.3 (LTS)
jenkins/jenkins <= 2.251
org.jenkins-ci.main/jenkins-core (Maven) 0 - 2.235.4
Published Aug 12, 2020
Tracked Since Feb 18, 2026