Description
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/09/1
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1723
Related Vulnerabilities
CVE-2014-0364 Vulnerability in maven package org.igniterealtime.smack:smack
CVE-2020-10968 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-25863 Vulnerability in npm package gatsby-plugin-mdx
CVE-2019-12041 Vulnerability in maven package org.webjars.npm:remarkable
CVE-2020-6858 Vulnerability in maven package com.hotels.styx:styx-server