CVE-2020-2263 – Jenkins Radiator View Plugin 1.29 and earlier does not escape the full na

Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2263

Reference (s):

• https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1927
• URL: https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1927
• MLIST:[oss-security] 20200916 Multiple vulnerabilities in Jenkins plugins
• URL: http://www.openwall.com/lists/oss-security/2020/09/16/3