PT-2020-15442 · Jenkins · Jenkins Matrix Authorization Strategy Plugin

Wadeck Follonier · Published 2020-07-15 · Updated 2023-10-25 · CVE-2020-2226

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Authorization Strategy Plugin versions 2.6.1 and earlier

Description: Stored cross-site scripting (XSS). User names shown in the configuration or permission table are not properly escaped before they are rendered. A user holding the permissions needed to edit such a table, such as Job/Configure, Agent/Configure, or Overall/Administer depending on the authorization setup, can therefore store a user name containing markup, which is then executed as script in the browser of anyone who views that table.

Recommendations: For Jenkins Matrix Authorization Strategy Plugin versions 2.6.1 and earlier, update to version 2.6.2 or later, which escapes user names in the permission table and so addresses the stored XSS vulnerability.
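The rendering pattern behind this advisory, as an added example that is not code from the Jenkins project or from this record: a permission-table row built with the user name concatenated raw into markup (the pre-2.6.2 behaviour described above) beside the same row with the name escaped at output. Plain JavaScript stands in for the plugin's own view layer; the user name and permission flags are constructed.

```javascript
// Added example (not code from the Jenkins project or this advisory): the
// rendering pattern behind CVE-2020-2226, shown in plain JavaScript rather
// than the plugin's own view layer. User name and permissions are constructed.

// Escape the characters that can break out of HTML text or attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Render the permission cells shared by both variants ("x" = granted).
function renderCells(permissions) {
  return permissions.map((granted) => `<td>${granted ? "x" : ""}</td>`).join("");
}

// Vulnerable pattern (the behaviour fixed in plugin 2.6.2): the stored user
// name is concatenated straight into markup, so any tags it carries become
// live HTML for everyone who opens the permission table.
function renderRowUnsafe(userName, permissions) {
  return `<tr><td class="user">${userName}</td>${renderCells(permissions)}</tr>`;
}

// Hardened pattern: the untrusted name is escaped at the point of output,
// so it is displayed verbatim instead of being parsed as markup.
function renderRowSafe(userName, permissions) {
  return `<tr><td class="user">${escapeHtml(userName)}</td>${renderCells(permissions)}</tr>`;
}

// Check helper: does the rendered fragment still contain an unescaped
// opening tag of the given name?
function containsRawTag(html, tagName) {
  return new RegExp(`<${tagName}\\b`, "i").test(html);
}

// Constructed sample: a user name that a matrix editor could store.
const SAMPLE_USER = "alice<script>alert(1)</script>";
const SAMPLE_PERMS = [true, false, true];

// Stand-alone run: print both renderings side by side.
console.log("unsafe:", renderRowUnsafe(SAMPLE_USER, SAMPLE_PERMS));
console.log("safe:  ", renderRowSafe(SAMPLE_USER, SAMPLE_PERMS));
```

The same escaping must be applied wherever the table is rendered, including any client-side code that rebuilds rows after the page loads, since a single unescaped path is enough for the stored name to execute.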

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-2226
GHSA-VR6V-WJFW-RXCR
RHSA-2020:3453
RHSA-2020:3541
RHSA-2020:3625
RHSA-2020:4265

Affected Products

Jenkins
Jenkins Matrix Authorization Strategy Plugin