CVE-2020-2244

Name of the Vulnerable Software and Affected Versions Jenkins Build Failure Analyzer Plugin versions 1.27.0 and earlier

Description The issue results from the plugin not escaping matching text in a form validation response, leading to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by attackers who can provide console output for builds used to test build log indications.

Recommendations For Jenkins Build Failure Analyzer Plugin versions 1.27.0 and earlier, update to version 1.27.1 or later, which escapes matching text in the affected form validation response.