Description
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.
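A defensive check for this class of issue, as an added example that is not code from the plugin or from the Jenkins advisory: a scheme allowlist applied to every link target before the formatter emits an anchor. The class name, method names and the allowed scheme set are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Set;

public class LinkSchemeCheck {
    // Assumption: the only schemes a description field legitimately needs.
    private static final Set<String> ALLOWED = Set.of("http", "https", "mailto");

    /** Returns true if href is a relative reference or uses an allowlisted scheme. */
    static boolean isSafeLinkTarget(String href) {
        if (href == null) return false;
        // Mirror browser URL parsing: tab/CR/LF are dropped anywhere in the URL,
        // and leading/trailing C0 control characters and spaces are trimmed.
        String s = href.replaceAll("[\\t\\r\\n]", "")
                       .replaceAll("^[\\x00-\\x20]+|[\\x00-\\x20]+$", "");
        int colon = s.indexOf(':');
        if (colon < 0) return true;                    // no scheme: relative reference
        int delim = firstOf(s, "/?#");
        if (delim >= 0 && delim < colon) return true;  // colon belongs to path, query or fragment
        // Anything before the first colon is treated as a scheme; unknown or
        // malformed schemes are rejected rather than guessed at.
        String scheme = s.substring(0, colon).toLowerCase(Locale.ROOT);
        return ALLOWED.contains(scheme);
    }

    /** Index of the first character of s that appears in chars, or -1. */
    private static int firstOf(String s, String chars) {
        for (int i = 0; i < s.length(); i++) {
            if (chars.indexOf(s.charAt(i)) >= 0) return i;
        }
        return -1;
    }

    public static void main(String[] args) {
        String[] samples = {  // constructed sample link targets
            "https://jenkins.io/doc/", "/job/build/42", "docs/a:b",
            "javascript:alert(1)", " JaVaScRiPt:alert(1)",
            "java\tscript:alert(1)", "data:text/html,x"
        };
        for (String h : samples) {
            System.out.println(isSafeLinkTarget(h) + "  " + h.replace("\t", "\\t"));
        }
    }
}
```

The check runs on the raw link target, before HTML escaping, so entity-encoded variants have already been decoded by the time the scheme is compared.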
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142