Description
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Remediation
References
https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1907
Related Vulnerabilities
CVE-2019-10291 Vulnerability in maven package org.jenkins-ci.plugins:netsparker-cloud-scan
CVE-2020-2187 Vulnerability in maven package org.jenkins-ci.plugins:ec2
CVE-2023-30520 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger
CVE-2020-6460 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration