CVE-2020-2201

Name of the Vulnerable Software and Affected Versions Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier

Description The issue results in a stored cross-site scripting vulnerability due to the failure to escape the file path for the Log file field form validation. This can be exploited by users with Job/Configure permission, allowing for potential malicious activities.

Recommendations For Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Log file field form validation to minimize the risk of exploitation.