Jenkins · Jenkins Compact Columns Plugin · CVE-2020-2195
**Name of the Vulnerable Software and Affected Versions**
Jenkins Compact Columns Plugin versions 1.11 and earlier
**Description**
The issue results in a stored cross-site scripting vulnerability. This can be exploited by users with Job/Configure permission, as the unprocessed job description is displayed in tooltips.
**Recommendations**
For Jenkins Compact Columns Plugin versions 1.11 and earlier, update to version 1.12 or later, which applies the configured markup formatter to the job description shown in tooltips.