CVE-2020-2222

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier

Description The issue results from the job name in the 'Keep this build forever' badge tooltip not being escaped, leading to a stored cross-site scripting vulnerability. This vulnerability is exploitable by users who can configure job names. However, it is believed to be difficult to exploit in common configurations due to the limited character set supported by job names.

Recommendations For Jenkins versions 2.244 and earlier, update to version 2.245 or later to resolve the issue. For Jenkins LTS versions 2.235.1 and earlier, update to version 2.235.2 or later to resolve the issue. As a temporary workaround, consider restricting the ability to configure job names to minimize the risk of exploitation.