CVE-2020-2193

Name of the Vulnerable Software and Affected Versions Jenkins ECharts API Plugin versions 4.7.0-3 and earlier

Description The issue results in a stored cross-site scripting vulnerability due to the failure to escape the parser identifier when rendering charts. This can be exploited by users with Job/Configure permission.

Recommendations For Jenkins ECharts API Plugin versions 4.7.0-3 and earlier, update to version 4.7.0-4 or later to resolve the issue. As a temporary workaround, consider restricting access to chart rendering functionality to minimize the risk of exploitation.